New modus exposed, PLDT Group flags unclickable links being sent by scammers

PLDT’s wireless unit Smart Communications, Inc. (Smart) continues to step up its measures against text scams. As Smart rolls out its improved blocking tool and boosts its #BeCyberSmart awareness campaign, it also warns against cybercriminals employing new strategies to reach potential victims.
 
“Smart’s much improved blocking capabilities have prevented a significant number of SMShing messages from reaching customers. But scammers keep looking for new ways to run their phishing activities. They now send unclickable links, but with the same goal of luring customers into opening malicious domains,” said Jojo G. Gendrano, SVP and Chief Information Security Officer at PLDT and Smart.
 
Based on Smart’s investigation, scammers replace the dots in a URL with another character like ‘underscore’ or ‘slash’ to mask or conceal the hyperlinks. They will then ask potential victims to manually copy the address, place it on their browser and replace the special characters with dots, thereby activating the link. Another method is sending what may look like IP addresses but are numeric clickable links.
 
Coupled with advancement in the PLDT Group’s cybersecurity tools, PLDT and Smart likewise engage customers to become force multipliers in the fight against SMShing and other mobile technology-aided crimes and #BeCyberSmart. Useful #BeCybersmart tips to identify phishing, the most common form of cyberattack, can be summed up in the acronym ‘SCAM’.
 
S is for ‘Suspicious’. Never answer calls or respond to messages from unknown persons or entities, especially those asking for one-time passwords or OTPs. Official bank and Smart agents will never ask for your OTP.
 
C is for ‘Clickbait’. Scam texts often bait victims with too-good-to-be-true offers or prize winnings, urging them to click the link to avail of the limited-time offer.
 
A is for ‘Alarming’. Scammers also prod potential victims to respond to the message or to click the embedded link by creating a false sense of alarm such as account suspension or loss of access.
 
M stands for ‘Malicious’. Whether sent via SMS or email, these messages are often accompanied by a link that leads to a phishing website.
 
If you receive suspicious messages or calls, please report them to cybersecurityincidents@smart.com.ph and cybersecurityincidents@pldt.com.ph or to Smart’s verified and official social media pages – Smart Communications on Facebook and @SmartCares on X – or call our hotline *888.