The Bangko Sentral ng Pilipinas (BSP) has just issued a stark warning to the public about a sophisticated scam known as “text hijacking,” a method used to deliver malicious messages disguised as legitimate communications.   

According to the BSP, the holiday season, which is a time for joy, giving, and celebration, also presents an increased risk for cybercriminals to up the tempo of their text hijacking activities. Earlier this year, the central bank also advised the public not to invest in cloud mining machines to mine cryptocurrency, emphasizing that its operations are beyond the BSP’s regulatory scope.

Text hijacking involves fraudsters intercepting legitimate text message conversations, making their messages appear safe and trustworthy by blending in with other messages from a trusted source, such as a bank or e-money provider.

This deceptive tactic significantly increases the effectiveness of “smishing” attacks, where fraudsters send messages containing malicious links designed to steal sensitive financial information.   

One common method of executing text hijacking involves the use of IMSI catchers. These devices broadcast a stronger signal than nearby legitimate cellular towers, tricking mobile phones within a specific area into connecting to them instead. 

This allows fraudsters to intercept and manipulate text messages, sending malicious content or phishing links to unsuspecting victims.   

BSP issues advisory on text scams

The BSP advises the public to remain vigilant and take the following precautions:

  1. Never click on links in SMS messages: Even if the message appears to be from your bank, e-money provider, or another trusted source, exercise extreme caution.
  2. Scrutinize all messages: Be wary of any message that requests personal information or urges you to click on a link. Remember that legitimate financial institutions will never ask for sensitive information via SMS or email. For any transactions, always access your bank accounts directly through official mobile or internet banking platforms.
  3. Report any suspicious activity: Immediately report any unusual transactions or activities related to your bank or e-money accounts to your respective provider.

The BSP, in collaboration with supervised financial institutions and key stakeholders, is actively working to address the growing threat of text hijacking. However, vigilance from the public remains crucial.   

The DICT has issued a similar advisory in November

In November this year, the Department of Information and Communication Technology (DOCT) has also warned of text scams asking users to click on links.

May mga umiikot na mga sasakyan na kargado ng equipment para mag-capture ng lahat ng cellphone number dun sa kapaligiran at once makuha yung cellphone number binabato ngayon na itong nga messages na ito,” DICT Secretary Jan Ivan Uy had said then. (There are vehicles roaming the streets that have equipment that can capture cellphone numbers in the vicinity, and the scammers send messages to these numbers.)

He added that the public may be deceived as the scammers send links that may look legit.

Dadalhin ka doon sa mismong site na mukhang kamukha ng lehitimong site kasi kinopya lang nila pero hindi totoong site yun. ‘Please key in your username, your password,’ and then pag key in mo diyan, kuha na yung detalye mo, yung credentials mo at pwede nang masimot kung anuman yung pera na nandun sa account na yun,” Uy further stated. (It will bring you to a site that looks legitimate since they copied it. Once you key in your username and password, the scammers can attain your personal details and credentials, and they can obtain all your money.)

Brandcomm

He added that the DICT cannot combat the scammers’ advanced equipment, and urged the public not to immediately click on links sent through text messages or call the number.

Magpapasko, medyo may pera mga tao at gusto mamili. Magdoble ingat po kayo sa inyong transaction lalo na online. Always be suspicious. Lalo na kung unsolicited,” Uy said. (The public should be extra careful with their online transactions, especially since we are nearing the Christmas season. Always be suspicious, especially with unsolicited messages.)

As the holiday season unfolds, it is essential to also remember what the BSP has said: that cybercriminals are constantly evolving their tactics.

By staying informed and practicing safe online behavior, individuals can protect themselves from falling victim to these sophisticated scams and enjoy a safe and secure holiday season.

By Ralph Fajardo

Ralph is a dynamic writer and marketing communications expert with over 15 years of experience shaping the narratives of numerous brands. His journey through the realms of PR, advertising, news writing, as well as media and marketing communications has equipped him with a versatile skill set and a keen understanding of the industry. Discover more about Ralph's professional journey on his LinkedIn profile.