PLDT Inc. (PLDT) and its wireless unit Smart Communications, Inc. (Smart) warn customers against vishing, or phishing over voice calls. Smart had earlier reported a marked decline in SMShing, or phishing over SMS, after it activated its new and more advanced network firewall.
“Criminals are quick to adapt. Now that our new firewall has made it harder for them to send text scams, they now resort to calling customers on their mobile phones or via over-the-top apps to lure them into revealing critical personal data,” warned Jojo Gendrano, SVP and Chief Information Security Officer at PLDT and Smart.
Vishing is a form of phishing done over voice calls. It’s a type of social engineering where fraudsters, pretending to be bank agents, call their potential victims to trick them into sharing personal information like log-in details, account numbers, and credit card CVV numbers. They may address the victim by his or her name to sound legitimate. They typically induce panic in their victims by warning them of account closure or suspension. These cybercriminals may also tell customers that they have been chosen for a free credit card upgrade and will only need to confirm their information to activate the new card. Either of these tactics is being used to persuade customers into revealing sensitive data.
Cybercriminals are getting more sophisticated, too. They have employed Artificial Intelligence (AI) to generate life-like voices or mimic the voice of a victim’s close acquaintance to gain their trust.
“Once criminals possess the necessary information, they will then take over the customer’s account, empty their savings or use their credit card information to make unauthorized transactions,” added Gendrano.
Smart recently activated its new and more advanced network firewall in the first half of July, significantly enhancing its capability to weed out text scams. The new cybersecurity tool was able to block as many as 30 million malicious texts in one day, leading to a notable decline in the number of SMShing messages reported by customers in July.
Smart continues to engage customers in the fight against mobile technology-aided crimes. Useful #BeCybersmart tips to identify vishing and other phishing attacks can be summed up in the acronym ‘SCAM’.
S is for ‘Suspicious’. Never answer calls or respond to messages from unverified or unknown numbers. Banks do not usually initiate calls nor send SMS asking for your bank account details. Likewise, official bank and Smart representatives will never ask for OTPs.
C is for ‘Clickbait’. Scam texts often bait victims with too-good-to-be-true offers or prize winnings, urging them to click the link to avail of the limited-time offer.
A is for ‘Alarming’. Scammers create a sense of fear or dread to prod potential victims into sharing sensitive information.
M stands for ‘Malicious’. Text scams or emails are often accompanied by a link that leads to a phishing website.
If you receive suspicious calls or messages, please report them to cybersecurityincidents@smart.com.ph and cybersecurityincidents@pldt.com.ph or to Smart’s verified and official social media pages – Smart Communications on Facebook and @SmartCares on X – or call our hotline *888.
