Phishing, hacking attacks on the rise – AMLC
MANILA, Philippines — The country’s sole financial intelligence unit has noted a steady rise in suspicious transactions involving phishing and hacking in the Philippines, with the value involved amounting to P16.4 billion over the past decade.
In its typologies brief centering on phishing or hacking, the Anti-Money Laundering Council (AMLC) focused on 50,521 suspicious transaction reports (STRs) submitted by covered persons between 2011 and February 2022.
The AMLC said the descriptive analysis showed an increasing trend in the STRs involving phishing/hacking, except for the year 2020, where a considerable drop was observed.
“The number of STRs is generally increasing, and there is a significant surge in 2019. There is, however, a drop in the numbers reported in 2020. Nonetheless, this was followed by an abrupt increase in 2021,” .
In 2019, 68 percent of the total STRs for the year or 8,847 transactions were reported by an electronic money issuer, due to an investigation conducted by its fraud unit following the complaints raised by some banks involving account takeover where some bank accounts maintained with these banks were compromised and proceeds were transferred to different wallets of another electronic money issuer.
Other reasons for filing include online banking fraud, phishing, unauthorized transactions, and internet fraud-online hacking, among others.
In 2021, 64 percent of the total or 13,116 STRs were again reported by electronic money issuers due to complaints pertaining to account takeover that involved incidents of customers as victims of phishing through various means, such as calls, SMS, e-mails, phishing links, fake pages, other fake pages on social media platform, chat via an e-commerce platform app, stolen phones, and other unknown means initiated by perpetrators.
It revealed that majority of the STRs filed by covered persons are for swindling, accounting for 65 percent or 32,625 of the total reports valued at P15.69 billion, followed by violations of the Electronic Commerce Act of 2000 with 23 percent or 11,843 worth P482.3 million.
In terms of peso value, one transaction had the largest chunk at 95.4 percent, as this includes an attempted transaction to deposit a bogus 250 million Euros or approximately P15.2 -billion bank draft.
Certain suspicious indicators, such as the amount involved is not commensurate with the business or financial capacity of the client, are also among the reasons used by covered persons.
For common transactions used, the AMLC said majority are inter-account transfers, electronic cash card loading, credit card purchases, and electronic cash card withdrawal.
Furthermore, majority or 99.73 percent of the STRs are domestic transactions, while only 0.27 percent pertains to international remittance transactions. Half of the total domestic transactions are reported from the National Capital Region (NCR), Calabarzon, Central Luzon, Central Visayas, Ilocos Region, Davao Region, and Western Visayas, while 44.6 percent of the transaction locations are unknown.
For international remittances, 27.2 percent of the transactions were from or sent to the US.
The report includes different types of phishing or hacking, such as vishing, SMS phishing, business e-mail compromise, and user account hacking, among others.
Phishing is one of the most common fraudulent activities in the country. Various agencies have noted the importance of public awareness of this type of scam and have even posted phishing information on their websites.
The AMLC also observed in some typologies that illegal proceeds were mostly transferred through banks and non-bank financial institutions, such as electronic money issuers and money service businesses.
“With the increasing trend of STRs involving phishing/hacking, it is important for covered persons to be cautious as perpetrators could be maximizing the use of technology in the facilitation of said crimes,” it said.
To address the issues, the financial intelligence unit called for information sharing among law enforcement agencies, supervising authorities, AMLC public-private program partners, and other financial intelligence units to increase awareness of the presence of phishing or hacking domestically.
The Philippines has been given until next month by Paris-based dirty money watchdog Financial Action Task Force (FATF) to address key issues after it was included in the gray list or jurisdictions under increased monitoring.
- Latest
- Trending