In the past several weeks, many Filipinos have fallen prey to a hacking scam called SMS hijacking. This is when you receive a SMS from a seemingly reliable source like a Globe, Sky Cable, BDO, or a Maya SMS address alias but it’s secretly being “hijacked” by a scammer in the vicinity. This happens through the use of hardware deployed around potential victims that spoof these aliases. In the past, we were always told by banks to only trust SMS that came from authorized senders. But it seems that we can no longer trust this method as the very message threads we have deemed safe can be used against us.
These hacks often happen when we have let our guard down and see messages from our usual services asking us to update our information, sign up for a promo, or pay a bill. These messages will always come with a link to do so and for the unitiated, these will always be links from URL shorteners or links that have a very similar address from the real one.
To stay vigilant, cybersecurity experts have always recommended moving away from SMS authentication and instead use device keys built into most banking apps. If you’re still using SMS authentication, the best bet would be to use common sense and see whether messages you received were in context to your actions. Why would you receive an OTP for something you did not do? Why would you receive a bill notification link for something you have already paid for?
As a rule of thumb, (1) SMS notifications with links should be avoided at all costs. Even if it seems like a legitimate promotion. It’s better to be safe than sorry. (2) Paying a bill would be best done logging into your banking app versus clicking a link. (3) Activating device authentication and linking your login with an authenticator app like Authy or Google Authenticator is also a great idea.
Stay safe, chat!
