January 25, 2022
MANILA — William Montecalvo, a teacher from San Bartolome High School in Quezon City, received 13 one-time password text messages from Land Bank of the Philippines (Landbank) around midnight on Nov. 3, 2021.
Upon checking his iAccess account, an alternative banking channel used for fund transfer and updating of contact information, Montecalvo found out that his savings had been nearly wiped out, with a balance of only P800 from P121,000 the last time he checked.
Crisanto Cruz, a teacher at Amaya School of Home Industries in Cavite province, experienced the same problem.
On Dec. 30, 2021, a total of P84,815 was stolen from his Landbank account: P50,025 was transferred to a GCash account while P34,379 went to another bank account.
Cruz said he received three messages from Landbank providing an OTP, but was surprised since he was not using his computer during that time.
“I was alarmed when I saw the three OTP messages and I thought my account was being hacked,” he said.
Upon checking his balance through his phone, his savings were gone.
Montecalvo and Cruz are just two of many teachers who have been victimized by bank cybercriminals. Their storylines are the same: Funds from their Landbank payroll accounts were transferred to other bank or mobile wallet accounts without them making the transactions.
According to Teachers’ Dignity Coalition (TDC) chair Benjo Basas, there are 11 teachers with similar cases so far.
“We are receiving more reports of hacking and we will give updates soon,” he said in a text message.
The group will submit the details of teachers who were victims of the possible scam as they seek help from officials of the Department of Education.
Phishing victims
Landbank on Monday said the teachers had fallen victims to a phishing scam despite the bank’s “safe” systems.
Phishing happens when a bank customer receives an email directing the unsuspecting client to click an attachment or link, which, in turn, enables the tech-savvy scammer to access the victim’s bank information.
In many cases, phishing emails do not look suspicious as scammers try to copy or make them look like legitimate bank emails.
“According to the initial investigation by Landbank, the devices of the teachers were hacked via phishing, which compromised their personal information,” it said in a statement.
“The bank has already reached out to the affected customers and is working on the resolution of these isolated cases at the soonest possible time,” it added.
The lender urged vigilance against phishing and other online banking fraud.
“Landbank reminds its customers to refrain from opening suspicious emails, links and attachments, and sharing your account and personal information. Official Landbank representatives will never ask for the critical financial information of customers,” it said.
Complaint
Landbank said it kept “the highest level of security in all its systems” so that customers’ accounts and personal information were protected.
Montecalvo said that two days after he discovered the theft, he submitted a complaint to the Quezon City Hall branch of Landbank for its “failure to exercise due diligence in ensuring that their iAccess system is fraud-free and safe.”
In a letter dated Jan. 18, Landbank said the “alleged unauthorized transactions were authenticated by a one-time password which was sent to your registered email address or mobile number.”
The bank added that it could not act on Montecalvo’s request for restitution.
He decided to tap the cybercrime division of the Philippine National Police, where he was asked to submit a statement of account so they could trace the reference number.
“But when I went to Landbank, they told me that they could give the documents on where the money was withdrawn but they would not be able to provide the details on where it went,” Montecalvo told the Inquirer.
“They were the ones who told me that the money went to a GCash account so I wanted to see the transaction since the police investigator was also asking for the documents. But [the branch manager] said they could not provide it,” he said.
Hard-earned money
The money allegedly stolen from Montecalvo was worth three years of his savings.
As the head of their school’s disaster risk reduction management operations, he knew the value of preparing for emergencies so he saved that money in case his family would need it amid the pandemic.
“It gravely affected me and I haven’t been able to sleep properly. As an ordinary teacher, that is a huge amount of money. A teacher would not be able to have that much if we won’t loan,” he said, noting that even his concentration for teaching had been affected by the issue.
Cruz, on the other hand, said the money lost was supposed to be used for his maintenance medicine for hypertension and kidney failure.
“I’m lucky since my wife and child have jobs but one teacher (who experienced the same incident) cried because her family would have nothing to eat,” he said.
Montecalvo said he was hoping to get assistance from officials because he did not know who else could help.
“I [wrote] the letters [of complaint] by myself through researching what I could do and while Landbank gave their decision, I could not accept it,” he said.
“I worked hard for that money but it seems like the bank could not understand that,” he lamented.
The branch manager of the Landbank branch in Quezon City Hall told him on Monday that a reinvestigation of his complaint would be conducted.
Worsening crime
The teachers’ cases add to the growing number of bank clients losing their money to cybercriminals.
In December 2021, more than 700 clients of BDO Unibank lost hundreds of thousands of pesos through unauthorized online fund transfers.
Last Jan. 21, the National Bureau of Investigation said it arrested three Filipinos and two Nigerians who were allegedly involved in the hacking of the BDO accounts.
BDO already restituted about 700 affected accounts, but did not disclose the total amounts.