A public service collaboration for safer digital banking
Home/Learning hub/Philippine guides/How to check a suspicious message

Recognise before you respond

How to check a suspicious message

A message can copy a real bank, government office, delivery service, employer, or person you know. Check the request through a channel the sender does not control.

8–10 minute guideScamProof guide
How to check a suspicious message
Understand

A familiar name is not proof

Scammers use smishing by text, phishing by email, vishing by call, and quishing through QR codes. Caller ID, sender names, logos, profile photos, documents, and links can all be copied or spoofed. The strongest clue is often the behaviour being requested: hurry, keep a secret, open a link, install an app, share a code, or move money.

What to do

Use the five-minute message check

You do not need to reply to investigate. Preserve the message, leave its links and contact details untouched, and verify independently.

  1. 01

    Pause the interaction

    Do not tap, reply, scan, download, call the supplied number, or use an unsubscribe link. If it is a call, hang up. A real concern remains valid after you check it.

  2. 02

    Name the exact request

    Write down what the sender wants: a login, OTP, card detail, payment, app installation, document, or secrecy. Requests for passwords, PINs, CVVs, and OTPs are never made safe by a convincing story.

  3. 03

    Open the official channel yourself

    Use an app already on your device, type the known website, call the number on your card, or visit a branch. Do not copy contact information from the suspicious message.

  4. 04

    Compare and report

    Check whether the claimed alert appears in the official account. Report the message to the impersonated organisation and the relevant Philippine channel, then block and delete it after evidence is saved.

Know the details

Look beyond spelling and grammar

Well-written messages can still be scams, especially with automated translation and AI. Focus on the destination, request, and pressure tactics.

Inspect links without opening them

On desktop, hover to preview. On mobile, a careful long-press may show the destination, but do not proceed. Look for extra words, substituted letters, unrelated domains, and shortened URLs.

Treat QR codes like links

A QR code can hide a fake login or payment address. Do not scan one simply because it appears on a letter, parking notice, poster, invoice, or delivery message.

Check attachments and shared files

An unexpected invoice, document, app file, or cloud-share request can steal credentials or install malware. Confirm with the supposed sender through a known channel first.

Do not trust caller ID alone

A call may display a bank or government number even when it came from elsewhere. End the call and dial the published official number yourself.

Official channels

Where to report suspicious contact

Choose the channel that matches what happened. Keep screenshots and the original sender details.

Remember

The sender does not get to choose how you verify

A legitimate organisation will not punish you for ending an unexpected interaction and contacting it through an official channel. If someone insists that you stay on the line, use their link, or keep the situation secret, stop.