NPC PHE BULLETIN No. 4: Protecting personal data in the time of COVID-19

March 23, 2020 | 10:33 PM GMT+0800 Last Edit: March 23, 2020

A growing number of online fraudsters are exploiting the public fear surrounding the COVID-19, using the pandemic to lure people into clicking phishing emails and installing malwares capable of stealing personal data and money.


Our fear during a crisis can expose us to data privacy risks, predisposing us to make hasty or ill-informed choices online, which fraudsters are taking advantage of.


In view of these heightened risks, the National Privacy Commission is appealing to everybody to be very careful online, especially when using online financial services and accessing health-related apps. Be cautious with the sites you visit, enhance your privacy settings, and protect your personal data.


In this period of home quarantine, digital access becomes our main gateway not just for news but also to coordinate tasks with co-workers, make online financial transactions and most importantly, get in touch with loved ones.


Indeed, now is the worst possible time to fall victim to online fraudsters. They can steal your sensitive data, cause you financial and reputational damages, make your device unusable and cut you off from the outside world.


To avoid such scenarios, we need to be vigilant and familiarize ourselves with the warning signs.


The National Privacy Commission encourages everyone to practice the following tips to protect personal data in the time of COVID-19:


  • Do not give out your personal data in suspicious COVID-themed emails and messages.

    Is the email or message unsolicited? Does it urgently encourage you to open the attached file? Is it promising COVID vaccines or cure that you have not heard of at all in the news or credible websites? Do not click them. It is most likely a phishing attack that steals your financial data such as credit card or online banking details.


  • Make trusted government and other legitimate websites your go-to source for the latest COVID information.

    We have a lot of questions about the pandemic. We will not find these answers, however, on some random websites or applications. What we may find on these sites instead are suspicious links, pop-ups and downloadable files, resulting in a ransomware infection that locks us out of our devices. Not only do you protect yourself from ransomware by relying on trusted sources, you also get to avoid misinformation.


  • Ensure that the charity or crowdfunding campaign you plan to donate to is legitimate.

    Research online or through your social media contacts from whom you learned of the charity or crowdfunding campaign. Know where your donations will go. Think twice if the charity rushes or pressures you or makes unrealistic promises just to get you to donate. If you’ve decided to make the donation, be sure to check your bank statements and see if you’ve been charged the right amount.


  • Be mindful of phishing baits from online scammers.

    Scammers want you to click on a link or give your password, account number and other personal information. This way they can steal your identity, money and gain access to your computer or cellphone. To do this, they use familiar company names or pretend like someone you know. They pressure you to act now or else.


When you receive such messages, be skeptical. Look up the website or phone number for the company or person contacting you. Call them directly using the company’s official number or email. Never give any personal information especially your password and pin number.


Most phishing attempts use bad grammar and spelling. There are some, however, that looks legitimate and very convincing.


During this critical period, all our focus and efforts should go to the fight against the spread of the COVID-19 virus. We should avoid, at all cost, getting sidetracked by these digital pitfalls.


In case you feel that your personal data have been compromised, please feel free to contact our complaints and investigation team. You may email us at [email protected] and [email protected]


RAYMUND ENRIQUEZ LIBORO
Privacy Commissioner