The Market Monitor Minding the Nation's Business
The Bangko Sentral ng Pilipinas (BSP) issued a warning last week about “text hijacking,” a tactic used by fraudsters to execute smishing attacks by mimicking legitimate SMS Sender IDs.
In an advisory, the BSP explained that text hijacking allows fraudsters to infiltrate legitimate text message threads, making their messages seem credible as they blend with authentic communications from trusted sources.
“This increases the effectiveness of the delivery of smishing attacks as they appear to be coming from a legitimate sender,” the BSP noted.
The fraudulent tactic involves spoofing the sender ID of financial institutions to send smishing messages that include malicious links. These links are designed to gain unauthorized access to victims’ financial accounts.
The BSP urged the public to exercise caution by avoiding clicking on links in SMS messages, even if they seem to come from banks, e-money providers, or other financial institutions.
“Banks and e-money issuers will never ask you to click a link sent via email or SMS to perform transactions you did not initiate. Always use official mobile or Internet banking platforms for your transactions,” the advisory stated.
The BSP also encouraged immediate reporting of any unusual transactions or activities involving bank or e-money accounts to the respective financial institutions.
“The BSP assures the public that it is actively working with BSP-Supervised Financial Institutions (BSFIs) and other key stakeholders to address concerns related to text hijacking,” the central bank added.