MANILA - The Philippine National Police-Anti Cybercrime Group (PNP-ACG) has arrested a 22-year old computer hacker allegedly victimizing credit card holders through a phishing site.
The suspect Ace John Candelario was arrested by PNP-ACG operatives inside his house in Barangay Laram, San Pedro, Laguna Tuesday.
The complaint came from banks who have received several disputed transactions from their cardholders.
“Naka-receive kami ng several complaints galing sa mga major banks na mayroong mga disputed transactions sa kanilang mga cardholders kaya nag conduct kami ng investigation. Kinuha namin mga details until such time na it led to the identification of our suspect,” Senior Insp. Artemio Cinco, PNP-Anti Cybercrime Group spokesperson said.
Candelario’s scheme was to send an email to the cardholder making it seem like it came from the bank. Once the victim clicks on the link, the person will now be diverted to a phishing site where the victim will be asked to update personal information, allowing the suspect to encode the details.
“Kunyari ay may update na kailangan, may mga changes sa website so they need again 'yung mga financial information like 'yung bank account numbers, card numbers, passwords, email. Lahat ng puwede nilang makuha sa'yo. Minsan inform ka nila na nag-increase ang credit limit at 'yun ang way para makuha nila ang mga information sa'yo,” Cinco explained.
Once the hacker is able to access personal information, he can now use the victim’s credit card information to purchase goods from online shopping sites and online food deliveries.
“Base sa mga records na nakuha namin sa mga fastfood chains, pangalan niya mismo ang ginagamit niya. During interview sa kanila ay may mga penetration testing na nagpapakilala talaga sila para malaman ng mga companies kung ano ang capabilities nila,” Cinco said.
Another way hackers obtain cardholder details is when they are able to get into the bank’s website where cardholder’s records are available.
“Especially 'yung mga website na nagki-keep ng mga record natin. Pag na-hack nila 'yan ay lahat ng email address ay gagamitin nila at puwede silang magpadala ng mga phishing links. At 'pag ito ay na open nila ay makikita nila kung ano ang ginagamit mong bangko. So from then on ay papadalhan ka nila ng mga links na connected sa bank po. At 'pag na-provide mo 'yung iyong mga information, dun ka na nila mabibikitima,” Cinco said.
Oftentimes, banks are not able to return the money taken by the hackers to the cardholders especially when investigation shows that the cardholder was negligent about keeping his information private.
Cinco advised the public not to open spam emails and to look if the web address of the bank’s website is secure. He also said people should be wary of giving out personal information online or via phone calls.