BSP again warns against fraudulent emails and SMS – Manila Bulletin

The Bangko Sentral ng Pilipinas (BSP) issued another public reminder on Tuesday, August 9, to remain vigilant against fraudulent SMS and unsolicited emails, also known as SMiShing, which is a variant of phishing.

These malicious texts or e-mails contain links that redirect the mobile user to highly suspicious websites, warned the BSP.

SMiShing is another phishing scam where a fraudster sends a text message to trick a user into clicking on a malicious link. “This malicious link, when clicked, automatically downloads malware and/or redirects to websites that collect information that could be used for fraudulent purposes,” the BSP said.

The central bank is again advising the public to protect their personal information and to carefully review messages even if they appear to be from banks, e-money issuers or known companies or brands.

“BSP reiterates that legitimate financial institutions will not request personal data and/or account credentials (e.g. username, password, OTP, or one-time PIN/password) from their customers via text messages or by sending links to websites,” the BSP said.

These websites may have been created by scammers to trick a user into divulging login credentials, personal data, bank or credit card information or passwords, and to introduce mobile malware, it added.

“While these websites may appear legitimate, fraudulent sites often contain spelling, punctuation, capitalization and grammatical errors. Banks, e-money issuers, and legitimate businesses go the extra mile to maintain professional websites free of such errors,” the BSP said. “Consumers who have experienced SMiShing attempts are advised to immediately report them to their banks or e-money providers,” it also said.

The BSP regularly reminds all its supervised financial institutions (BSFIs) to put in place “robust” measures against cyber fraud and attacks on their retail electronic payments and financial services.

The BSP has instructed BSFIs to remove clickable links in communications sent to customers by email and SMS.

As part of the risk analysis, BSFIs are also required to implement mandatory notifications for fund transfers exceeding a predefined amount, delays in activating new software tokens or new device registrations, and a cooling-off period for key account changes.

Other control measures recommended by the BSP are: personalizing SMS and e-mails for banking services; preventing agents or bank representatives from obtaining critical information such as customer passwords, one-time passwords, or personal information numbers; creating dedicated customer support teams for fraud cases; conducting educational campaigns against online scams; and adopting strong fraud monitoring mechanisms.

Most cyber incidents reported to the BSP target retail customers. These cybercriminals were not even “highly technical,” nor did they use advanced tools, the BSP said.

Based on BSP Cyber Threat Monitoring, in 2021, the top three types of cyber incidents reported by BSFIs were: phishing; “card not present” fraud; and identity theft.

The most common cyber fraud is phishing and other variants such as SMiShing and vishing. This leads to account takeovers and social engineering attacks. These are intended to manipulate customers into disclosing sensitive personal and account information needed to perform unauthorized transactions.

“Card not present” is a fraud that does not involve the physical presentation of the card to the merchant and can be carried out online or over the phone.

The BSP received almost 10,000 consumer complaints in 2021 and, although not all of them related to cybersecurity, it is a significant part of the growing threats against financial consumers, both online and offline.


