BSP warns public against text hijacking

STOCK PHOTO

MANILA, Philippines – The Bangko Sentral ng Pilipinas (BSP) on Tuesday warned the public against text hijacking, a method to deliver smishing attacks wherein fraudsters use named SMS Sender IDs to send malicious texts.

In an advisory, the BSP said text hijacking is a modus operandi where fraudsters insert themselves into legitimate text message conversations, making their messages appear safe by blending in with other messages from a trusted source.

“This increases the effectiveness of the delivery of smishing attacks as they appear to be coming from a legitimate sender,” the BSP said.

“Fraudsters spoof the sender ID of financial institutions and send smishing messages containing malicious links, aiming to gain unauthorized access to financial accounts of their victims.”

READ: DICT says hacking during Christmas season an issue of awareness

The BSP reminded the public not to click links in SMS messages even if they appear to be coming from the bank, e-money provider, or financial institution and always scrutinize messages received.

“Remember that banks/e-money issuers will never ask you to click a link sent through email or SMS to execute transactions that you did not initiate. You may go directly to mobile or Internet banking facilities for any transactions with your bank/e-money issuer,” it said.

The BSP also urged the public to report any unusual transactions and or activities involving their bank or e-money accounts to their bank or e-money provider immediately.

“The BSP assures the public that the BSP, in collaboration with the BSP Supervised Financial Institutions (BSFIs) and key stakeholders, are already taking measures to address text hijacking concerns,” the central bank said.