GSIS-Online

GSIS Advisory on Email Phishing Scams

While everyone is dealing with the COVID-19 pandemic, email phishing scams have been launched by hackers knowing that most of us are connected to the internet without web protection.

What is an email phishing scam? This happens when threat actors or cybercriminals pose as trusted individuals or organizations and send out emails that contain malicious attachments or links to fake websites. The aim is to steal personal or sensitive information such as your name and password, which could be used for identity theft or online financial theft.

BEWARE of these criminals pretending to be from GSIS, Authorized Agencies (e.g. DOH, DSWD, etc.), Trusted Organizations (e.g., WHO, Red Cross, etc.) or Banks (UBP, LBP, etc.) to steal your personal and sensitive information. If you are contacted by a person that appears to be from these groups, verify their authenticity before responding.

GSIS, Banks, Authorized Agencies, and Trusted Organizations will:

  • NEVER ask for your username, password, or one-time PIN (OTP)
  • NEVER email attachments you did not ask for
  • NEVER lead you to unknown sites
  • NEVER charge money or ask you to provide sensitive personal information
  • NEVER conduct funding activities, offer grants or certificates through email

DO TAKE NOTE of the following RED FLAGS:

  • USE of public email domains like @gmail.com or @yahoo.com instead of the official domains. Search for the company name online to find out the real domain name and always compare it to the email addresses used in the new emails you receive.
  • USE of urgent alerts like “your account will be deactivated,” “your account has been compromised,” or “you won a trip abroad.” Scammers use these to create a sense of urgency that will make you share your information without thinking. Take time to go through the email and question how reasonable the alert is.
  • USE of URL links as part of the email message. Examine the URLs to see if they lead to unknown sites and type the URL instead of clicking on it to spot the inconsistencies.
  • USE of attachments that do not fit the context of the email. These may contain malware that can steal information or infect your device. Avoid clicking these attachments completely.
  • USE of company and anti-virus logos. Check if the email matches with legitimate emails from the same company. It is likely that the email is fake if there are obvious discrepancies or mistakes.
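
The red flags above that can be checked mechanically (sender domain, urgent wording, link destinations, attachments), shown as an added example that is not part of the GSIS advisory. The official domain agency.example and the sample message are constructed placeholders, and red_flags and host_in are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

PUBLIC_DOMAINS = {"gmail.com", "yahoo.com"}   # the two examples the advisory names
URGENT_PHRASES = ("your account will be deactivated",
                  "your account has been compromised",
                  "you won a trip abroad")     # phrases quoted in the advisory
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_in(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(raw, official_domain):
    """Return red-flag labels for a raw message; the reader supplies official_domain."""
    msg = message_from_string(raw)
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if sender_domain in PUBLIC_DOMAINS:
        flags.append("public-email-domain")
    elif not host_in(sender_domain, official_domain):
        flags.append("sender-domain-mismatch")
    body = ""
    for part in msg.walk():
        if part.get_filename():                  # any attachment needs a context check
            flags.append("attachment:" + part.get_filename())
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    text = " ".join(body.lower().split())        # collapse line wraps before matching
    if any(phrase in text for phrase in URGENT_PHRASES):
        flags.append("urgent-alert")
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
    flags += sorted("link-off-domain:" + h for h in hosts
                    if h and not host_in(h, official_domain))
    return flags

# Constructed sample message; agency.example stands in for the real official domain.
SAMPLE = """\
From: "Member Services" <support.agency@gmail.com>
To: member@example.org
Subject: Action required
Content-Type: text/html; charset="utf-8"

<p>Your account will be deactivated today.</p>
<a href="http://agency.example.login-verify.test/reset">https://agency.example/reset</a>
"""
```

The sample link displays the official domain as its text while its destination host only begins with that name, which is why host_in compares the end of the hostname rather than searching for the domain anywhere in it.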
