Are scammers using new and more direct ways after an apparent drop in scam and phishing messages this month following the raids in illegal Philippine Offshore Gaming Operators (POGOs)? 

The reason I ask is I got call from this mobile number 0967 923 0091 last August 8. The man identified himself as “Brian Go,” allegedly an employee of Bank of Philippine Islands (BPI), checking about a transaction I had supposedly made at a Mac store in Bonifacio Global City, Taguig that was over P80,000. If you’re going to be billed for this amount you didn’t make, you’ll surely listen to such calls. 

I had received similar calls of this nature twice, one involving a transaction in Washington DC in the US — even though I wasn’t there — and a transaction using a popular travel app. In both calls, the person wanted to confirm if I really made the transaction, to which I said I did not. Both transactions were cancelled or later reversed. [READ: Credit card fraud in Philippines up 21% since pandemic]

Now this Brian Go — who sounded professional — used a similar script that these genuine identity checkers did. What made me initially think that this wasn’t a scam call was that he knew my BPI credit card number, which he asked me to confirm over the phone. Since I was driving to work when I took this call, I had to stop by the road and check my credit card number if indeed this was my 16-digit number. 

After confirming it with him, he went on to assure me that the transaction would be cancelled or reversed in the billing. He said this fraudulent transaction would be reported to the Bangko Sentral ng Pilipinas and the Anti-Money Laundering Council (AMLC).

In hindsight, I now realize that some of what this guy said wasn’t consistent with similar and genuine calls of this nature. In the two previous incidents where the callers were checking if I had made fraudulent transactions, they did not ask me to confirm my 16-digit credit card number.

But what this Brian Go did was to try to win my trust by claiming that he was working to help me cancel the transaction. 

This conversation went on for around 5 minutes already and I was coming close to being late for my meeting. 

After winning my trust, this Mr. Go said he just needed one more piece of information to be able to cancel the transaction: the 3-digit code at the back of the card.

Since I was in a rush for a recording at 4 pm, I almost gave in! It was, I suppose, presence of mind that prevented this scam. 

I recalled all the information I had read, heard, and received via text messages and email not to ever reveal the 3-digit code at the back of the card. 

So, I told Brian Go, why should I give you that information when that information should be available to the bank? I also told him that BPI has always advised its clients never to reveal the 3-digit code.

The caller then assured me that this was a common sentiment among people who also had fraudulent transactions, and he cited the case of a doctor he had supposedly assisted who eventually revealed to him the code so that the credit card transactions would be cancelled. 

I stood my ground, however, and did not give the 3-digit code, after realizing that this was a scam attempt, a good one at that — except the ending. 

I told him I did not know him from Adam and said I would first have to check with BPI if he was indeed working for the bank. 

I then called BPI (889 10000) — fortunately, if you press 5 (after the machine asks for what the call is about), the number for fraud-related calls, it doesn’t take ages to get to talk to a real person. 

The BPI agent — I don’t recall her name anymore — then asked me for the mobile number I received from this Brian Go so that she could check if it was among BPI’s legitimate mobile numbers. I had to stop the car again to jot down the number and tell the BPI agent. She then asked if I gave away my 3-digit code to which I said I didn’t. After checking, she then told me that the number wasn’t on their list of numbers that BPI uses to call their clients, and that it was most likely a scam. I asked her if there was an P80,000 transaction in a Mac store in BGC and she said there was none.

I then asked her to cancel my credit card since it might be dangerous to retain the same number, knowing that a scammer already has it, to which she did after a couple of minutes. I still wonder how this Brian Go was able to get my credit card number.

Two hours later, I got an email from BPI telling me the card had been blocked, and that I would be getting a new one. Another email asked for feedback on how I was served, which included a unqiue code. 

After this close call at getting scammed, I’ve checked whether BPI has warned the public about it and I came across this advisory last May 27 (see BPI video above). The only difference here is the start of the script which tells the card holder that they have points which can be redeemed only if they give the CVV/CVC. I suppose there are other beginnings to the script, all with the same ending.

My lesson from this experience? When you get a call of this nature, always fact check the number with the bank in question if you get suspicious or even seemingly genuine calls, especially if they have your credit card number!

Better safe than sorry. – Rappler.com