Network provider PLDT and its wireless unit Smart Communications Inc. (Smart) caution the public about fake advisories supposedly released by banks and digital wallets.
According to PLDT and Smart’s Cyber Security Operations Group, cybercriminals are getting more creative at imitating official communication materials of financial institutions.
“Without scrutinizing these fake advisories, one can easily be fooled into thinking they were officially released by the bank,” said Angel Redoble, FVP and chief information security officer at PLDT and Smart. “We need to take the time to go over these messages. Also, beware of calls supposedly coming from bank representatives. Cyber threat actors have become familiar with the dialogues used by official bank agents that they can sound very convincing.”
PLDT and Smart share the following tips to help the public protect their online banking accounts and avoid falling prey to scams.
Be vigilant about unsolicited communication. Do not trust unexpected emails, SMS, or calls requesting for personal information or login details like OTPs (one-time passwords). Banks or legitimate organizations never ask for these details over these channels.
Double-check the source. Scammers often use email addresses or URLs similar with the bank’s official communication channels. Watch out for misspelled words or slight variations.
Never share personal information. When in doubt, do not reveal personal information or other financial details.
Use strong, unique passwords for each account. Make sure that passwords are at least 14 characters long and combinations of small and capital letters, numbers, and special characters.
Enable multi-factor authentication (MFA) to create another layer of protection. It also notifies users of unauthorized attempts to open their account.
Regularly update software. This ensures that operating systems, web browsers and other applications are running the latest security patches against vulnerabilities.
Report suspicious activities. Reporting helps your organization develop an appropriate response to the threat and alerts the community, as well.
In September, PLDT and Smart reported that they had blocked more than 5.5 million SMShing messages. In the same month, Smart has blacklisted more than 21,000 mobile numbers involved in scams and fraudulent activities. The PLDT Group has also prevented more than 1.6 billion attempts to open malicious domains in the same period.