The Bangko Sentral ng Pilipinas (BSP) has warned the public to be vigilant against fraud perpetrated through unsolicited emails or text messages with links that redirect the mobile user to highly suspicious websites.
These include smishing, a form of phishing scam where a fraudster sends a text message to trick a user into clicking on a malicious link. This malicious link, when clicked, automatically downloads malwares and/or redirects to websites that collect information that may be used for fraud.
To help prevent this, the BSP advised the public to carefully scrutinize messages; to refrain from clicking links even if these appear to be coming from banks, e-money issuers, or known companies or brands; and to protect personal information.
The BSP reiterated that legitimate financial institutions will not ask for personal details and/or account credentials (e.g., username, password, OTP or one-time pin/password) from their customers via text messages or by sending links to websites.
Such websites may have been created by scammers to trick a user into disclosing login credentials, personal data, bank or credit card details, or passwords; or to introduce mobile malware.
While these websites may seem legitimate, fraudulent sites often have errors in spelling, punctuation, capitalization, and grammar. Banks, e-money issuers, and legitimate companies exert extra effort to maintain professional websites without such errors, the BSP said.
The central said consumers who experienced SMiShing attempts are advised to report these to their banks or e-money providers immediately.