During work hours, one of our SmartParenting.com.ph editors suddenly received a text message from Netflix with a verification code. She thought it was a mistake until a few minutes later, she received another message from an unknown prepaid number saying that she had been selected to receive a Php500 money-back on her telecom bill "sponsored by Netflix." All she had to do was to forward the "6 Digits redeem code" that they sent.
Our editor knew right away it was a fake promo. For one, her account was not linked to her postpaid number. Second, Netflix sends a verification code when someone suspicious is trying to log in to the account, or when someone uses the "forgot password" option.
Unfortunately, many still fall prey to these kinds of scams. In the Philippines, authorities have listed phishing as the top cybercrime for years now. It is a type of online scam where victims are tricked into giving sensitive, personal information to a disguised attacker via email.
The text message received by our editor is a new variant of phishing called smishing. As the COVID-19 pandemic continues and with the holidays approaching, it is important that you and your family are aware of the many types of scams out there in order to protect yourself.
What is smishing?
The term is a combination of the words ‘SMS’, also known as texting, and ‘phishing’. Smishing attacks are delivered by both traditional text messaging and non-SMS messaging apps. These attacks spread fast and are often unnoticeable due to their deceptive nature.
Types of smishing
Here are some common smishing attacks:
COVID-19 smishing
This type of scam is based on legitimate aid programs of the government, healthcare, and financial organizations for the COVID-19 recovery. Attackers use this strategy to manipulate victims’ health and finance fears. Warning signs from a message may include:
- Contact tracing that asks for sensitive info (social security number, credit card number, etc.)
- Tax-based financial relief like stimulus checks
- Public health safety updates
- Requests to complete a census
Financial services smishing
Messages are masked as notifications from financial institutions. Loans and investing are the most common premises in this category, in which an attacker poses as a bank or a financial institution and makes an urgent request to unlock your account, verify suspicious account activity, and more.
Gift smishing
This is the most common type, one that almost every one of us has received. The message promises free services or products, often from a company or retailer. The idea of getting a freebie is exciting, which tricks the individual into taking action faster.
This includes giveaway contests, shopping gift cards or discounts, or any other offers that are just too good to be true. A common example of this is the famous message: “Your cellphone number won Php100,000. Send us an email to claim…”
How to protect yourself from smishing
The thought of getting fooled by fraudsters is scary, but the good news is that it is easy to protect yourself against it. The best thing to do is to just ignore the message and not do anything.
Global cybersecurity company Kaspersky listed some important reminders to keep in mind so that you can protect yourself from these attacks.
Do not respond
Some messages include prompts you can reply to, like texting “STOP” to unsubscribe from them. But it is actually a part of their trick to identify active phone numbers once you reply. The next time you receive one, just ignore it and refuse to engage.
Think twice even if a message seems urgent
Limited time offers and account updates can make you feel as if you'll be missing out on something big, but these messages are commonly used for smishing. Always remain skeptical and proceed with caution.
Call your bank or merchant directly if doubtful
Legitimate institutions will never request login information or give account updates via text message. Verify directly by contacting an official helpline by phone or checking your online accounts yourself.
Avoid clicking on links or contacting the info listed on the message. Go directly to official contact channels and websites for safety.
Check the phone number
Four-digit numbers may seem odd and can be evidence that the scammer is using an email-to-text service. This is one of the tactics of a scammer to hide their real phone number.
Never keep your credit card number or account information on your phone
To keep it from being stolen from your digital wallet, never put your financial information there.
Never provide a password or account recovery code to others
Passwords and two-factor authentication (2FA) recovery codes sent by text message can put your account in the wrong hands. Never give this information to anyone, and use it on official websites only.
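The pattern in our editor's case, a verification code followed minutes later by a request from an unfamiliar number to forward it, can be checked for automatically. The sketch below is an added example, not part of the original article or Kaspersky's guidance; the message fields, the 15-minute window, the keyword lists and the `known_senders` allow-list are assumptions, and the sample messages are constructed.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # assumed gap between code and relay request
# Someone asking the recipient to hand a code over (assumed keyword list).
RELAY_RE = re.compile(
    r"\b(forward|send|reply|share|give)\b.{0,60}\b(code|otp|pin)\b", re.I | re.S)

def is_otp(text):
    """A message carrying a 4-8 digit code alongside a code-related keyword."""
    return bool(re.search(r"\b\d{4,8}\b", text)) and bool(
        re.search(r"\b(code|otp|verification)\b", text, re.I))

def find_code_relay(messages, known_senders):
    """Return (otp_sender, requester) pairs: a code arrived, then a sender
    outside known_senders asked for a code within WINDOW."""
    alerts, otps = [], []
    for msg in sorted(messages, key=lambda m: m["time"]):
        if RELAY_RE.search(msg["text"]) and msg["sender"] not in known_senders:
            for otp in otps:
                if msg["time"] - otp["time"] <= WINDOW:
                    alerts.append((otp["sender"], msg["sender"]))
        elif is_otp(msg["text"]):
            otps.append(msg)
    return alerts

# Constructed sample inbox modelled on the incident described in the article.
SAMPLE = [
    {"time": datetime(2020, 11, 5, 10, 2), "sender": "Netflix",
     "text": "Your Netflix verification code is 482913."},
    {"time": datetime(2020, 11, 5, 10, 7), "sender": "+63-900-000-0001",
     "text": "You have been selected to receive Php500 money-back sponsored "
             "by Netflix. Forward the 6 Digits redeem code we sent you."},
    # Asks for a code, but hours after any real code arrived: not flagged.
    {"time": datetime(2020, 11, 5, 14, 0), "sender": "+63-900-000-0002",
     "text": "Reply with your promo code to join the raffle."},
]

if __name__ == "__main__":
    for otp_sender, requester in find_code_relay(SAMPLE, {"Netflix"}):
        print(f"Code from {otp_sender} is being requested by {requester}")
```

A hit means someone else has probably just triggered a login or password reset on the account, so the code should go nowhere and the account password should be changed.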
Download an anti-malware app
There are different anti-malware apps for Android and iOS that can protect against malicious apps and messages.
These are some of the tips to keep yourself protected from scams. According to our editor, you can report incidents directly to the National Telecommunications Commission if you have received a suspicious message. This is what she did after receiving the fake message.
Email the screenshots to email@example.com along with your complaint. You can also have the number of the scammer blocked by informing your telephone company.