BSP warns media, information officers against phishing, SMiShing, vishing
By NiΓ±a Jonalyn Gambe-Diamante#
BUTUAN CITY (PIA) — The Bangko Sentral ng Pilipinas (BSP) Acting Director of the Consumer Account Protection Office, Attorney Alain Bert G. Regis, presented the common social engineering schemes of “phishing,” “SMiShing,” and “vishing” to the participating media practitioners and government information officers during their initiated media information session on June 19 in Butuan City.
The said schemes formed part of his discussion on Republic Act No. 12010, otherwise known as the “Anti-Financial Account Scamming Act (AFASA),” which BSP identified to be a relevant and timely topic given the rise of digital payments, online banking, and other digitalized transactions containing confidential information of users prone to scamming.
The most common of the three tactics is ‘phishing’ which usually comes in the form of emails. Enclosed in the emails are malicious information from senders pretending to be authorized representatives from trusted companies.
Also included in the emails are clickable links which scammers use to illegally access the recipient’s data which, by the time the victim clicks it, a malicious software will enable the scammers to download the victim’s personal data, and worse, their online banking details.
Banks are the most widely used institutions by which scammers pose as a legitimate sender knowing that recipients would immediately respond with the fear of losing their funds.
Another social engineering scheme is called ‘SMiShing,’ derived from the acronym, ‘SMS’ which means ‘short message service,’ more widely known as text messages, combined with the word ‘phishing.’
In the case of SMiShing, the scammer uses text messages with erroneous information and clickable links to illegally access the user’s phone data and applications, similar to that of phishing.
“Please refrain from clicking any link from suspicious emails and text messages as more and more people have been victimized by scammers using these tactics. We crafted the AFASA and strived hard to have this approved as our response to the outcry of casualties brought about by those malevolently abusing the convenience of technology,” said Regis.
The Bangko Sentral ng Pilipinas (BSP) took a firm stance against clickable links in texts and emails to combat phishing and other cyber fraud. In Memorandum No. M-2022-015, issued in March 2022, the BSP advised all banks and financial institutions to remove clickable links from messages sent to customers.
The BSP emphasized that emails and texts from banks should not contain clickable links, warning that scammers often use these to lure victims into fake websites.
Vishing is another social engineering scheme, this time, with the use of voice or through phone calls. Scammers call their prospect victims pretending to be a bank representative, technical support staff, or even from the government urging their victims to divulge personal information or to make a payment.
Credit card users are the usual target of vishing with scammers providing false information about their bank accounts or asking them to update their personal information as part of their fake bank verification.
Scammers even go as far as asking for the one-time password (OTP) of victims to be able to make purchases with the use of the victim’s credit card information without their knowledge.
“We call on our media partners and government information officers to help us educate the public and disseminate this information in our goal to minimize, if not eradicate the cases relating to AFASA,” urged Regis.
With the rising cases of fraudulent transactions, the BSP takes advantage of any opportunity where they can conduct information drives or seminars on the AFASA as part of their mandate of promoting a safe and stable financial system, as well as to protect the welfare of the financial consumers. (NJGD/PIA Caraga)
