The wireless division of PLDT, Smart Communications, Inc. (Smart), keeps intensifying its efforts to combat text scams. Along with launching its enhanced blocking tool and stepping up its #BeCyberSmart awareness campaign, Smart issues a warning against hackers using novel techniques to target potential victims.
“Smart’s much improved blocking capabilities have prevented a significant number of SMShing messages from reaching customers. But scammers keep looking for new ways to run their phishing activities. They now send unclickable links, but with the same goal of luring customers into opening malicious domains,” said Jojo G. Gendrano, SVP and Chief Information Security Officer at PLDT and Smart.
According to Smart’s analysis, con artists hide or mask hyperlinks by replacing the dots in a URL with another character, such as “underscore” or “slash.” Then, in order to activate the link, they will instruct possible victims to manually copy the address, paste it into their browser, and swap out the special characters with dots. Sending what appear to be IP addresses but are actually clickable URLs with numbers is another technique.
Along with the evolution of the cybersecurity tools offered by the PLDT Group, PLDT and Smart also encourage their clients to #BeCyberSmart and act as force multipliers in the battle against crimes helped by mobile technology, such as SMShing. The name “SCAM” stands for “SCAM-Useful Cybersmart Tips for Identifying Phishing,” the Most Common Cyberattack Type.
S is for ‘Suspicious’. Never answer calls or respond to messages from unknown persons or entities, especially those asking for one-time passwords or OTPs. Official bank and Smart agents will never ask for your OTP.
C is for ‘Clickbait’. Scam texts often bait victims with too-good-to-be-true offers or prize winnings, urging them to click the link to avail of the limited-time offer.
A is for ‘Alarming’. Scammers also prod potential victims to respond to the message or to click the embedded link by creating a false sense of alarm such as account suspension or loss of access.
M stands for ‘Malicious’. Whether sent via SMS or email, these messages are often accompanied by a link that leads to a phishing website.
If you receive suspicious messages or calls, please report them to cybersecurityincidents@smart.com.ph and cybersecurityincidents@pldt.com.ph or to Smart’s verified and official social media pages
