BSP warns public vs SMiShing scam

THE Bangko Sentral ng Pilipinas (BSP) issued a public advisory on Tuesday warning the public not to click on untrusted links via unsolicited emails or text messages as these can perpetrate fraud.

The Central Bank said the modus is called SMiShing, a form of phishing scam where a fraudster sends a text message to trick a user into clicking on a malicious link.

This malicious link, when clicked, automatically downloads malware and/or redirects to websites that collect information that may be used for fraud.

Such websites may have been created by scammers to trick a user into disclosing login credentials, personal data, bank or credit card details, or passwords; or to introduce mobile malware.

“While these websites may seem legitimate, fraudulent sites often have errors in spelling, punctuation, capitalization and grammar. Banks, e-money issuers and legitimate companies exert extra effort to maintain professional websites without such errors,” the BSP said.

To help prevent this, the BSP is advising the public to: carefully scrutinize messages; refrain from clicking links even if these appear to be coming from banks, e-money issuers, or known companies or brands; and, protect personal information.

“The BSP reiterates that legitimate financial institutions will not ask for personal details and/or account credentials [e.g., username, password, OTP or one-time pin/password] from their customers via text messages or by sending links to websites,” the BSP said.

Consumers who experienced SMiShing attempts are advised to report these to their banks or e-money providers immediately.

Prime target

LAST month, Genie Gan, gead of Public Affairs and Government Relations for Asia Pacific & Middle East, Turkey and Africa at Kaspersky Lab ZAO told reporters in a news briefing that just like its Southeast Asian counterparts, the past five years saw the Philippines being a prime target by various cyber threats ranging from web attacks, remote desktop protocol (RDP) attacks and mobile malware.

Although mobile malware attacks may have dropped sharply in the Philippines from 2019 to 2021 by 69 percent, Gan warned there are indications that Trojans are injected into third-party ad modules and new Trojans are being discovered. This is proof that cybercriminals have become creative and sophisticated in their approach, the executive said.

As far as the local government is concerned, legal policies and regulatory frameworks on cybersecurity have already been laid out and are currently in place, Gan said. She said Kaspersky urges the state to collaborate with its neighbors and private companies to further build its cyber-resiliency.

Whereas the cybersecurity landscape in the Philippines is distinct from the rest of SEA, Gan it is still interconnected with its regional neighbors in so many ways.

“This is why we encourage the government regulators to begin boosting its cyber capacity-building and cooperation efforts. These two are basically the building blocks of cybersecurity,” she added.

Image credits: CNN Philippiness