Over the past week, reports of Filipino Facebook users getting locked out of their accounts have surfaced, alarming some that it may be the work of a secret group of hackers.

Leonard Postrado, a 29-year-old BPO content writer, said he was chatting with friends on Facebook earlier this week when he was suddenly kicked out of the social networking site.

"When I entered the password, ayaw pumasok sa account ko. I did it four times until Facebook notified me na may phishing attack sa FB ko at pinapabago ako ng password. I don't know what that means kasi di ako techie until ginoogle ko and nakalagay nga collecting data," he told ABS-CBN on Friday.

(When I entered the password, I still couldn't get to my account. I did it four times until Facebook notified me that there was a phishing attack on my account and said I should change my password. I didn't know what that meant because I'm not techie so I googled it and found out it meant collecting data.)

A similar incident happened to 36-year-old government employee Kim Quilinguing, who said he was writing a status update when he was logged out of his account due to "suspicious activity."

"My feeling is that someone tried to access my account by claiming to have forgotten my password. And then instead of being provided a new password to a false email account, Facebook alerted me by logging me off and making me review my activities," he told ABS-CBN.

NOT A COINCIDENCE?

Although no one has claimed credit for the attacks, some netizens seem to think that a group called Duterte Cyber Warriors (DCW) had something to do with it.

A user named Patricia Bonife said the DCW posted on Facebook about calling for the surveillance of people who are supposedly trying to influence young people into believing anti-Marcos rhetoric.

Since then, she said students from the Ateneo de Manila University, which was one of the first schools to protest the Marcos burial, have had their accounts "compromised."

"I've seen a lot of people tweeting about it too. We're still not sure if this DCW device is behind it, and it's hard to prove if ever, but the sheer number is just alarming," said Bonife, an Ateneo graduate herself.

Bianca Rodriguez, a senior Interdisciplinary Studies student at Ateneo, said she was alerted two days ago of suspicious log-in attempts on her Facebook account.

"I checked my log-in history and noticed there were three log-ins in areas that were unfamiliar to me. My boyfriend lives in Makati and I live in QC. So my log-in history should have been all QC and Makati but there were places like Bulacan and Valenzuela," she told ABS-CBN.

i guys about the hacking Ateneo thing... So the other day I was logged out of nowhere and I checked my log in history and saw these pic.twitter.com/J2UqH6N8z4

— B Rodriguez 💖 (@biirod) November 24, 2016

User Jan-Daniel Belmonte, whose account was also compromised, has found at least 152 other victims, most of whom are students from Ateneo and the University of the Philippines.

Trying to collect info. So far there's a huge chunk of victims w/ similarities but need to confirm. Help us: https://t.co/LrgJipopI1

— Jan-Daniel Belmonte (@janbelmonte) November 24, 2016

Belmonte hinted of "a certain device that a group of people might be using for the attacks" but said he also heard of instances where accounts were compromised after downloading a fake malware remover.

There's also a possibility of phishing but I rarely log out of my accts so I don't remember logging on to anything.

— Jan-Daniel Belmonte (@janbelmonte) November 24, 2016

OPLAN TOKHANG?

Former President Ferdinand Marcos was clandestinely buried at the Libingan ng mga Bayani on November 18, prompting several online and street protests, many led by young students. Some blamed President Rodrigo Duterte, who supported the burial, which his supporters said was uncalled for.

• READ: After Marcos burial, students, civic groups protest

So the DCW said they came up with a "DCW mobile offensive tool" that can monitor wifi and cellphone traffic within 20 to 35 feet, which it said the President's supporters can just bring anywhere.

"Nagsisimula na po ang Oplang Cyber Tokhang gamit ito. Pero kelangan pa po namin ng madami pang field operatives lalo na sa Makati area,"according to a November 19 Facebook post penned by a "Dr. Salim McDoom."

(We are beginning our Oplan Cyber Tokhang using this. But we need many field operatives, especially in the Makati area.)

In a separate post on Friday, the group also listed the supposed IP address of Ateneo.

'HIGOP'

But Manila Bulletin's Tech Editor Art Samaniego told ABS-CBN News that anyone can claim credit for the attacks.

"Ang dali-dali mag-claim," he said.

(It's so easy to claim credit.)

He admitted, however, that the devices described by the DCW are readily available in the market and that some Filipino hackers have the capability to pull off such stunts.

"Ang term dun 'higop,' hinihigop yung data. It's possible," he said.

Juned Sonido, a digital and social media lecturer at the University of the Philippines, also said this method of extracting data from people has been used in many countries for years.

"Iikot sila kung san ka may devices...they can actually extract data not actually data but passwords," he told ABS-CBN.

(They circle the area wherever you have your devices...they can actually extract data, not actually data, but passwords.)

COMMUNITY STANDARDS

But Sonido said some people are probably being locked out because they are being reported to Facebook for violating its community standards, which is supposed to protect users against crime, threats, bullying and harassment.

"The same community standards designed to protect Facebook users is being used to censor," he said.

He explained that if enough users complain to the social networking site that they feel offended or wronged by certain content, Facebook can remove the posts en masse.

"Titingnan yun ng Facebook. They can say this is offensive to us, (because) he (Marcos) is our hero, pwede ganun mangyari," he said.

(Faceboook will look into that. They can say 'this is offensive to us because Marcos is our hero,' that could happen.)

"That is being used all over the world, not only by governments, by political groups in order to censor people," he added.

Samaniego, however, said users should check if their content really doesn't violate the standards, which also suspends those with multiple profiles, who like too many posts or who spam other users.

WHERE'S THE PROOF?

Rodriguez, Postrado and Quilinguing said they did post things critical of the Marcoses after the late strongman's burial. But some of them said they want further proof that it was the DCW that did it.

"A part of me would like to believe that [it was because of this]. But a part of me would also like to see some evidence. I think it would be difficult to say conclusively unless I see something from Facebook explaining the suspicious activity," Quilinguing said.

"(It's) too early to tell if the phishing is political or something," added Postrado.

Krystle Bagay-Roque, a 29-year-old investment company employee in Singapore who was also locked out of her Facebook account, also doesn't believe the hacking attempts are political.

"Hindi naman siguro. That (DCW) post I think is just to distract people on issues that are more important. Parang tactics nung time ni Marcos," she told ABS-CBN News, noting that she's never been "vocal" about her thoughts on politics especially on social media.

(That's probably not true. That DCW post I think is just to distract people from issues that are more important. Just like those tactics used during the time of Marcos.)

SECURING YOUR ACCOUNT

While nothing has been proven on who is behind the attacks, users can start securing their accounts using some simple steps, said Samaniego.

"Ang hacker, meron silang scanner; kung sino vulnerable, sila tinatarget," he said.

(Hackers have scanners, they target those who are vulnerable.)

So, users should avoid using unsecured public wifi and giving too much information online, said Sonido.

"Ang first line of defense diyan ay lagi security," he said.

(The first line of defense there is always security.)

They should also make their passwords stronger by adding numbers and/or symbols into words and phrases.

They can also enable two-factor authentication options on sites such as Facebook, Twitter and Google.