In the Philippines, the holiday season is a time for festivities, giving, and reconnecting with loved ones. However, it’s also a peak period for scammers who take advantage of people’s generosity, busyness, and increased online activity.

Scams range from digital fraud to impersonation schemes, often targeting individuals who are distracted or less cautious during this season. Knowing these scams can help you stay vigilant and protect your finances and personal information.

Here are some of the most common holiday scams to avoid in the Philippines.

Smishing, Phishing, and Vishing

What It Is:
These scams aim to steal your sensitive information by pretending to be legitimate entities.

• Phishing involves emails tricking you into clicking on malicious links or providing confidential details.
• Smishing uses SMS to send fraudulent messages, sometimes pretending to be a legitimate entity by blasting in a certain area.
• Vishing involves scammers calling and pretending to be representatives of trusted organizations, such as banks.

How It Works:
During the holiday season, you might receive a text or email that looks like it’s from your bank or eWallet provider, from a telco, or a major retailer, claiming you need to update your account details, verify a transaction, or win a raffle. These messages often include links that lead to fake websites designed to capture your information.

How to Avoid It:

• Always verify messages by contacting the company or organization directly using official contact numbers or websites.
• Avoid clicking on links or downloading attachments from unknown senders.
• Be cautious of texts or calls requesting urgent actions, such as transferring money or sharing OTPs (one-time passwords).

Social Media Scams

What It Is:
Scammers use platforms like Facebook, Instagram, and TikTok to lure victims into fraudulent schemes, often by pretending to be legitimate businesses or individuals.

How It Works:
In the Philippines, scams can include fake online stores offering popular products at very low prices or individuals posing as sellers on Facebook Marketplace. After payment is made via GCash or bank transfer, the scammer disappears without delivering the product. Additionally, some accounts impersonate local brands or government agencies, tricking users into providing personal information or making donations.

How to Avoid It:

• Check the credibility of online sellers by reading reviews and ensuring they have a verifiable history of successful transactions.
• Avoid deals that seem too good to be true.
• Use secure payment methods that offer buyer protection.
• Report suspicious accounts or ads directly to the social media platform.

Unknown Pop-Up Links

What It Is:
Scammers use online ads or pop-ups to promote fake websites or games that promise big rewards for small deposits.

How It Works:
You might see a pop-up claiming you’ve won a prize or offering a chance to win large sums by betting a small amount. Clicking on these links often leads to malware-infected websites designed to steal your personal information or trick you into making deposits that you can never withdraw.

How to Avoid It:

• Avoid clicking on gambling ads, especially from unknown or unverified sources.
• Use ad blockers to reduce exposure to pop-ups and fake gambling links.
• Be cautious with online games or apps that require deposits to win prizes.

GCash Cash In / Out Retailer Scams

As digital wallets like GCash become increasingly popular in the Philippines, they’ve also become prime targets for scammers, especially during the busy holiday season. A recent incident highlights just how crafty fraudsters can be and serves as a strong warning for all GCash users.

A GCash user encountered a scammer who tried to exploit the cash-in process by requesting to take pictures of a mobile phone screen. While pretending to need assistance, the scammer photographed an OTP (One-Time Password) that popped up on the screen, a critical piece of information used to link accounts.

The victim, realizing the danger, quickly deleted the photo and removed the scammer. However, it wasn’t until later that they remembered the deleted image might still be recoverable from the “Recently Deleted” folder. The scammer had disappeared by then.

Acting fast, the victim transferred PHP 50,000 from their GCash account to a bank account for safekeeping. Unfortunately, before they could decide what to do with the remaining PHP 20,000, the scammer managed to transfer it to a Lazada-linked account via GCash.

What We Can Learn

This story highlights several tactics scammers use, such as:

1. Exploiting OTPs: OTPs are sent to your phone for verification when linking accounts or making transactions. Scammers use tricks, such as taking photos or peeking, to gain access. Never share your phone nor OTP to anyone. Also, keep your eWallet SIM out of your mobile to separate your OTPs.
2. Distracting Victims: Scammers often pretend to need help to lower your guard, giving them an opportunity to exploit your account.
3. Rapid Execution: Once they have the necessary information, scammers act fast, transferring funds to accounts that are hard to trace or recover from.

Skimming and Card-Related Hacks

What It Is:
Scammers use skimming devices, phishing techniques, or malware to steal credit and debit card information.

How It Works:
During the holidays, many Filipinos shop online or at malls, increasing the risk of card fraud. In skimming cases, card details are stolen when swiped through compromised point-of-sale systems or ATM machines. Online, hackers may use fake payment gateways or phishing emails to capture card details.

How to Avoid It:

• Enable transaction alerts on your cards to monitor unauthorized activities.
• Avoid using ATMs in poorly lit or unsecured locations.
• Lock your card when you don’t use it. Many banks now offer card locking in their apps to increase card security.
• Only shop on trusted and secure websites with “https://” in their URL.
• Regularly review your bank statements and report discrepancies immediately.

Fake Bank Websites

What It Is:
Scammers create fake websites that look identical to official bank websites to steal login credentials and personal information.

How It Works:
You may receive an email, text, or social media message claiming there’s an issue with your account or that you’ve won a bank raffle. The message often includes a link to a fake website that looks legitimate. Once you enter your username, password, or OTP, scammers gain access to your account.

How to Avoid It:

• Always type your bank’s website URL directly into the browser instead of clicking on links from messages or emails.
• Check for red flags on websites, such as grammatical errors or odd-looking URLs.
• Use your bank’s official mobile app instead of a web browser for online banking.
• Report phishing attempts to your bank immediately.

Tips for Staying Safe During the Holiday Season

1. Stay Informed: Be aware of common scams and share information with family and friends, especially those who are less tech-savvy.
2. Verify Everything: Always double-check the legitimacy of messages, websites, and sellers before acting.
3. Use Secure Channels: Only use official apps and websites when shopping or banking online.
4. Report Suspicious Activities: If you suspect a scam, report it to the relevant authorities or organizations, such as the National Privacy Commission or your bank.
5. Be Cautious with Payments: Avoid making payments via methods that don’t offer buyer protection, such as direct bank transfers or prepaid cards.

What to Do If You’ve Been a Victim of a Scam

Falling victim to a scam can be a distressing experience, especially when it involves losing money or personal information. However, taking the right steps immediately can help minimize the damage and increase your chances of recovery.

1. Stay Calm and Assess the Situation

• STOP Yapping on Social Media. Even the National Government advises you to stop making posts for awareness and start making logical steps to ensure you can get your money back.
  
  CICC Executive Director Alexander K. Ramos appealed to the surge in complaints on the unauthorized fund transfers involving an eWallet earlier in November.
  
  “We encourage the public to please report to CICC if they were affected by the recent e-wallet losses. We may be able to assist them if they call 1326 so they can be assisted in the investigation instead of posting their losses on social media,” Ramos underscored
  
  “Your social media platforms will not in anyway assist you nor resolve your loses in your e-wallets,” he added.
• Review the Incident: Take a moment to identify what happened. Did you share sensitive information, click on a malicious link, or lose money through a fraudulent transaction? Understanding the scam will help guide your next steps.
• Gather Evidence: Collect any related emails, text messages, screenshots, or transaction receipts to document the incident. This information will be crucial when reporting the scam.

2. Secure Your Accounts

If the scam involved your online accounts, personal information, or bank details:

• Change Passwords Immediately: Update passwords for affected accounts and ensure they are strong and unique.
• Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts to prevent unauthorized access.
• Monitor Account Activity: Keep a close watch on bank accounts, email, and social media for unusual activity.

3. Report the Incident

• Contact Financial Institutions:
  • If money was stolen, notify your bank, e-wallet provider, or credit card company immediately. They may be able to freeze transactions or help recover funds.
• Inform Relevant Authorities:
  • Cybercrime
  • Banks or Service Providers: Use their fraud hotlines to escalate the issue.
• Notify Platforms: If the scam occurred through social media or an online marketplace, report the user or listing to the platform.

4. Alert Others

• Warn Family and Friends: Share details of the scam to prevent others from falling victim to the same scheme.
• Report Numbers or Accounts:
  • Contact your mobile network provider to block and report suspicious phone numbers.
  • If scammers used specific bank accounts or e-wallet numbers, report them to the respective financial institutions.

5. Take Precautions for Future Safety

Once the immediate crisis is addressed, take steps to strengthen your defenses against scams:

• Educate Yourself: Learn about common scams, such as phishing, smishing, social media scams, and fake websites, to recognize red flags.
• Use Secure Payment Methods: Opt for payment methods with buyer protection when shopping online.
• Install Security Software: Use antivirus and anti-phishing tools to protect your devices from malware.
• Regularly Monitor Accounts: Review transaction histories and bank statements for suspicious activities.

By staying vigilant and informed, you can protect yourself from falling victim to scams this holiday season. Let’s make the holidays about celebration, not stress, by prioritizing security and awareness in all transactions.