Smart exposes new strategy of scammers
PLDT's wireless unit Smart Communications Inc. warns the public against cybercriminals employing new strategies to reach potential victims even as it continues to step up its measures against text scams.
In a statement, Smart said it has recently rolled out its improved blocking tool and boosted its #BeCyberSmart awareness campaign.
“Smart’s much improved blocking capabilities have prevented a significant number of SMShing messages from reaching customers,” said PLDT and Smart Senior Vice President and Chief Information Security Officer Jojo G. Gendrano.
He noted though that “scammers keep looking for new ways to run their phishing activities. They now send unclickable links, but with the same goal of luring customers into opening malicious domains."
Based on Smart’s investigation, scammers replace the dots in a URL with another character like “underscore” or “slash” to mask or conceal the hyperlinks.
They will then ask potential victims to manually copy the address, place it on their browser and replace the special characters with dots, thereby activating the link. Another method is sending what may look like IP addresses but are numeric clickable links.
Coupled with advancement in the PLDT Group’s cybersecurity tools, PLDT and Smart likewise engage customers to become force multipliers in the fight against SMShing and other mobile technology-aided crimes and #BeCyberSmart.
Useful #BeCybersmart tips to identify phishing, the most common form of cyberattack, can be summed up in the acronym "SCAM".
“S” is for suspicious. Never answer calls or respond to messages from unknown persons or entities, especially those asking for one-time passwords or OTPs. Official bank and Smart agents will never ask for your OTP, said Smart.
“C” is for clickbait. Scam texts often bait victims with too-good-to-be-true offers or prize winnings, urging them to click the link to avail of the limited-time offer.
“A” is for alarming. Scammers also prod potential victims to respond to the message or to click the embedded link by creating a false sense of alarm such as account suspension or loss of access, said Smart.
“M” stands for malicious. Whether sent via SMS or email, these messages are often accompanied by a link that leads to a phishing website, it added.