Local telco Globe said it blocked a total of 142,575 smishing messages in February and March this year even as cybercriminals continue to victimize Filipinos looking for work.
The Ayala-owned firm said it has strengthened its security tools and platforms to increase detection and blocking capabilities against illegal SMS and Web blaster devices. Reporting channels and processes have also been enabled for Globe employees, customers, and partners to immediately capture and share information or concerns about fraud and scams.
“Smishing occurs mainly through mobile text messaging, in which scammers attempt to mislead victims into giving away their personal data. Scammers then use this data to take over a victim’s financial accounts,” said Anton Bonifacio, Globe chief information security officer.
He said the company is working with the government and industry stakeholders particularly on threat intelligence sharing initiatives, as well as on awareness campaigns via SMS, website, and social media channels to regularly update the public about spams and scams.
In 2021, Globe said it blocked a total of 1.15 billion scam and spam messages, around 7,000 mobile numbers linked to scammers, and 2,000 unofficial social media accounts and phishing sites last year.
Bonifacio encouraged customers to report scam messages through Globe’s spam reporting mechanism on its website. The reporting form is also available on the GlobeOne App and Globe’s Facebook Messenger and all other agent-assisted channels.
Android phone users may also set up spam filters on their Android devices by downloading the “Messages” app of Google as their default Android SMS messenger. This messaging app has a Spam Protection setting which can be enabled to block unwanted or unsolicited messages.
According to cybersecurity firm Kaspersky, personal data is the main motivation of cybercriminals in targeting job-seekers who are income-less and are themselves in need of money.
Official statistics reveal that as of March 2022, there are 2.87 million unemployed Filipinos and 7.42 million underemployed or those who have jobs but are still looking for other sources of income. According to a job report, about 49% of Filipinos are now keen to work remotely due to pandemic concerns such as health and safety.
For scammers, this is a goldmine they just wouldn’t miss taking advantage of, according to Kaspersky. Personal information such as name, birthday, phone number, email address are already valuable — it can actually cost up to $10 on the dark Web.
Once in the hands of fake job recruiters a.k.a. cybercriminals, these data can then be sold or traded to other cybercriminals or companies. Scammers will also use these data to commit other cybercrimes such as identity theft or to infect device with malware to steal more data stored in it.
Cybercriminals also play on a job seeker’s desperation to make money immediately. In the Philippines, most job scams include having the victim send money to the fake recruiter to pay for “registration fees” or to get “commissions” or “bonuses” with higher returns as long as the victim tops up.
“By now, people are already aware of the standard red flags of fake job offers sent via email such as the sender’s address, layout, etc. More or less we know how to recognize and avoid it so scammers have changed their delivery mode to text/SMS,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
“There is also a lowered expectation of danger in text messages so it’s less scrutinized by the receiver, which means the scam is likely to succeed. When an unsuspecting person gets a message like a job offer with an irresistible pay, she is likely to disregard her mental checklist of warning signs and just click through,” he added.
Yeo also advised companies to take necessary measures to protect their brand and reputation from scammers who exploit their corporate identity and information for fake job offers. Possible reputational losses can be avoided by having the company website, which lists contact details (such as for HR), audited for vulnerabilities.
Kaspersky offers the following tips to job-hunters to help you avoid falling victim to this kind of scam:
- Limit job searches to official sources.
- Do not respond nor click on links if they come from people or organizations you don’t know. Replying simply confirms to the sender that your phone number is active.
- Install a trusted security solution with fraud and phishing protection and follow its recommendations. This will solve most of the problems automatically and alert you if necessary. Remember, personal vigilance is not enough when dealing with sophisticated scam methods used by cybercriminals.
- Use multi-factor authentication (MFA). A common variant is a two-factor authentication (2FA) which often uses a text message verification code while a stronger variant includes using a dedicated app for verification (like Google Authenticator).
- Check the company’s official website for open vacancies matching your job skills.
- Check contact information on companies’ official websites. If needed, send an email to the company to verify if the person who contacted you actually works there.
- Be wary of offers to discuss a job or hold an interview in secret chats where messages are encrypted, cannot be forwarded and which alerts the participants if anyone takes a screenshot.
- Make an additional phone call to the company to ensure that the job offer is legitimate.
- Review your job offer for possible mistakes: carefully check the company name or job title and responsibilities.
- Report all SMS phishing attempts to designated authorities.
What to do if you become a victim? Limit the damage with these important steps:
- Report to any institutions that could assist.
- Change all passwords and account PINs where possible.
- Monitor finances, credit, and other online accounts for strange login locations and other activities.
