Topics

Don’t get caught in the net: Spot and avoid phishing scams

Written by admin | Jul 1, 2026 7:13:53 AM

 

In the digital world, cybercriminals are constantly casting a wide net to hook your private data. One of the most widespread and deceptive tactics they use is Phishing.

To keep your hard-earned money safe, it is vital to know how phishing works, how it is evolving, and how to spot a scam before you click.  

What is Phishing

Phishing is a type of online scam where criminals impersonate trusted, legitimate organizations—like your bank, delivery companies, postal services, or government agencies—via email, text messages, or advertisements. Their goal is to trick you into revealing sensitive information, such as your online banking login credentials, account numbers, or personal data.

The evolution: phishing via search engine ads

Traditionally, scammers rely heavily on sending mass phishing emails to a large audience. However, tactics have evolved.  

Today, phishers also use paid advertisements on popular search engines to promote their fraudulent sites. When you search for your bank's login page, these malicious ads can appear at the very top of your search results, leading you directly to a fake website designed to steal your credentials.

How the modus works

Phishing relies heavily on psychological trickery, often operating through the following steps:

  1. The bait: You receive an email or see an ad that looks identical to a message from a legitimate company.

  2. The fake crisis: The message or headline uses urgent, alarming, or stressful subject lines to pressure you into acting quickly. For example, it might claim someone is trying to access your online banking account or that a major fund transfer is currently in process.

  3. The trap: The email instructs you to click an embedded link or button immediately to "resolve" the issue or verify your identity.

  4. The catch: Once you click the link, you are taken to a mirror website that looks exactly like the official platform. If you input your personal details or login credentials, the fraudsters instantly capture them to gain access to your real account and perform unauthorized fund transfers.

Red flags: How to spot a Phishing email

Before you act on any urgent request, check the message closely for these common red flags:  

  • Suspicious sender domain: The display name might say your bank's name, but the actual email address domain (the part after the "@" symbol) is completely different from the official business name.

  • Alarming subject lines: Messages that intentionally try to panic or alarm you into reacting without thinking.

  • High-Pressure language: Phrasing that strictly pressures you to act fast before your account is blocked or compromised.

  • Mismatched link destinations: Embedded links or buttons where the destination URL does not match the bank's official, usual link.

What to do if you receive a Phishing message

If an email or advertisement feels suspicious, remember that one careless click is all it takes. Protect yourself by taking these immediate steps: 

  • Do not reply to the email under any circumstances.

  • Never click on any links or buttons provided within the message.

  • Do not download any attachments.

  • Verify directly by closing the email and calling your bank's official customer care hotline to report the incident safely.

Stay alert and verify before you click

Metrobank will never send you an email or text message asking you to click a link to verify your account credentials or unlock your access.

If you think you have encountered a phishing scam or accidentally interacted with a suspicious link, report it immediately by calling the Metrobank Contact Center at (02) 88-700-700 or domestic toll-free at 1-800-18-88-5775, or email us at customercare@metrobank.com.ph.