Voice phishing, or "vishing," is a scam in which attackers impersonate trusted sources over the phone to steal personal information. Scammers may fake caller IDs to appear as banks, e-wallet providers, government agencies, or tech support. Never trust a call asking for immediate action, never click on links sent via SMS by the caller, and never provide personal information. Always hang up and call the official number directly if you’re unsure. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.

As e-wallets and digital banking become a part of everyday life for many of us, it's important to take steps to protect our personal and financial information. Use strong, unique passwords and enable multi-factor authentication to keep your accounts secure. Watch out for phishing scams by avoiding suspicious links, never sharing sensitive information through emails, messages, or calls, and only downloading apps from official sources. Also, avoid using public Wi-Fi when accessing your financial accounts to reduce the risk of cyberattacks.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Be cautious of unsolicited phone calls requesting personal or financial information, even if the caller claims to be from a trusted organization. Scammers can make it look like they’re calling from a real company or local number to trick you, and they often use urgent language to pressure you into revealing sensitive details. If you’re unsure, hang up and call the company back using a verified phone number from their official website.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

A new Android malicious software called PhantomCard is targeting bank customers in Brazil by stealing credit and debit card data using NFC (near-field communication). The malware copies card info from a victim’s phone and sends it to criminals, who can then make fake payments.

PhantomCard spreads through fake Google Play pages offering a “card protection” app called Proteção Cartões, tricking users with fake positive reviews. When users install it and place their card near the phone, the app steals card details and PINs and sends them to attackers.

This malware allows criminals to use the victim’s card remotely, making transactions at nearby payment terminals or ATMs. It’s linked to a Chinese group selling similar malware services on Telegram.

Similar NFC-based fraud is growing in other countries, including the Philippines and India, where fake banking apps and malware spread through WhatsApp and phishing sites....

Always be cautious—it's a smart habit. A healthy level of suspicion can help you notice red flags before they become real threats. Don’t automatically trust emails, links, attachments, or anyone claiming to be from your company, even if they appear to come from someone you know. Taking a moment to double-check can prevent costly mistakes. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Some files hide malware—especially .exe, .scr, and .vbs. Always verify the source. It's easier to prevent damage than fix it.

Do:

• Pause before opening unknown files
• Check unfamiliar extensions
• Confirm with the sender
• Scan with antivirus/security tools

Avoid:

• Trusting files from unknown sources
• Assuming a file is safe based on appearance
• Skipping antivirus updates

“Files can lie—trust your gut, not the icon.”

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Avoid clicking on ads, even if they seem trustworthy—they’re often used to spread malicious software. Cybercriminals can disguise harmful content behind professional-looking advertisements. These malicious ads may redirect you to fake sites or automatically download harmful software. Just one wrong click can compromise your device or steal your personal information. For better security, always go directly to a website rather than clicking on ads. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Avoid storing or sending sensitive information, such as passwords or personal data, in plain text. Without encryption, this information can be easily intercepted or accessed by attackers, putting your accounts and privacy at risk. To stay protected, always use secure communication channels like HTTPS or VPNs, and store data using strong encryption methods.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

If you receive an unexpected call from someone claiming to be from the government or tech support asking you to install an app, it's likely a scam. These attackers often create a false sense of urgency or offer "help" to avoid in-person processes, then guide you to install malware disguised as a legitimate tool. No official agency or company will ever ask you to download an app through a call or email link. Always hang up and verify the request through trusted, official contact channels. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Effective cybersecurity follows the Zero Trust principle: never automatically trust any device or person, even if they’re inside your organization. Always verify requests, use strong, unique passwords, and enable multi-factor authentication (MFA) to protect your accounts. Make sure to access sensitive information only through secure, approved devices and applications, and stay cautious to keep your data safe.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support