The Bangko Sentral ng Pilipinas (BSP) is cautioning the public about a new method of delivering smishing attacks known as text hijacking.
Text hijacking is a technique where fraudsters insert themselves into legitimate text message conversations. By spoofing the sender ID of trusted sources like banks or e-money providers, they can send malicious messages containing phishing links.
This deception can trick unsuspecting individuals into revealing sensitive information or compromising their financial accounts, the BSP said.
It said one common method involves the use of International Mobile Subscriber Identity (IMSI) catchers. These devices can mimic legitimate cellular towers, luring mobile phones to connect to them instead. Once connected, fraudsters can intercept and manipulate text messages, sending malicious content or phishing links.
The BSP said to safeguard the public from text hijacking attacks, they should never click links in SMS messages, even if they appear to be from their bank or e-money provider.
It advised SMS recipients to scrutinize messages carefully. “Legitimate financial institutions will never ask you to click links in emails or SMS to conduct unauthorized transactions,” it said.
The BSP also asked recipients to report suspicious activity. “Immediately report any unusual transactions or activities related to your bank or e-money accounts to your respective provider,” it said.
The BSP said that in collaboration with supervised financial institutions and other stakeholders, it is actively working to address text hijacking concerns and protect the public from cyber threats.
