We’ve been seeing a lot of reports of people being “scammed” by GCash and Maya. The MO shows screenshots of victims with legit SMS threads from our favorite online banks — the same threads that issue promos and ‘money sent’ confirmations now also contain misleading links. Now why would our banks do that to us?
Here’s the thing. They aren’t. Congratulations. You’re now a victim of a SMS hijacking scheme and the hacker responsible for it is actually within your area.
Scammers use techniques like SMS spoofing to send fake messages that appear to be from trusted companies like banks or payment services. Below, we’ll explore how to detect and avoid these scams, and we’ll share some simple tips to keep your information safe.
How do hackers send fake bank messages that look real?
Hackers have equipment that allows them to disguise their messages as coming from trusted companies like Maya or GCash. They do this with portable devices that act like mini mobile towers, often hidden in parked cars. Their goal is to trick you into sharing personal information by pretending to be a legitimate company. A quick Google image search will show you some photos of hardware being used (and tweaked!) to spoof our trusted banks.
Spoofing is a global concern, facilitated by the use of illegal devices known as International Mobile Subscriber Identity (IMSI) catchers or fake cell towers. These devices can intercept mobile communications within a certain radius, allowing fraudsters to send messages with spoofed sender IDs that bypass network spam filters.
How to detect SMS spoofing in your area:
- Weaker Phone Signal: If your phone suddenly switches to a weak signal (like 2G) in a place where you usually have a strong connection, it could be a sign something’s wrong.
- Strange Texts: After your phone signal drops, you might get a message from an unknown number or a strange sender name. This could be a scam. Tip: Never click on links in text messages, especially if they seem to be from a bank. Banks no longer send links in texts. If you see one, it’s likely a scam. For instance, in Savano Park Bulacan, someone has been sending fake messages using the name “Maya.” If you’re in the area, be extra cautious. A hacker is nearby, most likely in a parked car blasting these messages.
How to protect yourself from these attacks:
Here’s how to stay safe from these fake messages:
- Verify the Message: Don’t trust messages just because they appear to be from Maya, GCash, or a bank. Open their app or call customer service directly to verify.
- Avoid Clicking Links: Never click on links in SMS messages, even if they seem legitimate. Always go to the official website or app.
- Use Two-Factor Authentication (2FA): Ensure you have 2FA enabled for important accounts. This adds an extra layer of protection.
- Stay Informed: Keep up with the latest scam tactics, so you can spot them before it’s too late.
- Report Suspicious Texts: If you receive a suspicious message, report it to the company immediately to help protect others.
- We have another article that lists some other ways people can stay safe.
Do banks have a responsibility to consumers for these scams?
Yes, banks play a role in keeping their customers safe. They should educate users about potential scams and follow regulations, such as not including links in their SMS messages. This helps prevent phishing attempts and creates safer communication channels.
According to Globe, they urge the public to report any suspicious messages to its customer service channels and to follow these digital security best practices:
- Never click on links from unknown sources
- Never share personal information via SMS
- Regularly update your knowledge on the latest scam tactics
- Be wary of unsolicited messages that offer deals that seem too good to be true
- Turn on spam filters on your phone, if feature is available.
Best practices for safe online banking:
- Use Strong Passwords: Choose passwords that are hard to guess and don’t use the same password for multiple accounts. A password manager can help you keep track of them securely.
- Enable Two-Factor Authentication (2FA): Always turn on 2FA for extra security. If possible, use an app-based method rather than SMS.
- Avoid Public Wi-Fi: Don’t log into your bank account while using public Wi-Fi. If you must, use a VPN to protect your connection.
- Keep Your Apps Updated: Regularly update your banking app and devices to protect against security vulnerabilities.
- Monitor Your Accounts: Check your account activity regularly for any suspicious transactions. Most banks offer real-time alerts, so make sure these are enabled.
- Be Careful with Links and Attachments: Never click on links or open attachments in unsolicited emails or texts. Always go to the bank’s official website or app.
- Protect Your Devices: Use antivirus software and make sure your devices lock automatically when not in use.
By following these simple steps, you can secure your online banking and avoid falling victim to fraud.