‘Dapat walang clickable link’: BSP urges banks, financial institutions amid scam reports

July 21, 2022 - 2:03 PM
Illustration by Gerd Altmann via Pixabay

“Tanggalin ang clickable links sa emails o text messages.”

The Bangko Sentral ng Pilipinas in a memorandum called on banks and other financial institutions amid the still-existing reports on text scams on social media.

In a social media post on July 19, the BSP said that this advice was stated on Memorandum No. M-2022-015 that it released last March 22, 2022.

“Ayon sa BSP Memorandum No. M-2022-015, ang mga bangko at iba pang institusyong pampinansyal na pinangangasiwaan ng BSP ay pinapayuhang TANGGALIN ANG CLICKABLE LINKS SA EMAILS O TEXT MESSAGES na ipinapadala nila sa customers,” the central bank said.

The BSP also accompanied the post with an infographic that warned the public about the presence of text messages and emails with clickable links that are supposedly sent by banks.

Part of the graphic reads: “Ang emails at text messages na natatanggap mula sa bangko ay dapat walang clickable link.”

BSP then listed the following steps on what the public should do if they received these suspicious text messages or emails:

  • Huwag i-click ang link na ipinadala kahit mukha itong galing sa iyong bangko o e-money issuer.
  • Suriing mabuti ang natanggap na email o text message. Hindi hihingin ng bangko o e-money issuer ang iyong personal information, one-time password (OTP), o password sa pamamagitan ng email o text.
  • Ipagbigay-alam agad ang kaduda-dudang mensahe sa iyong bangko o e-money issuer.
  • Alamin ang control features ng iyong mobile at internet banking apps katulad ng transaction limits, multi-factor authentication, in-app OTP, notification, at iba pa.

In the memo, which was addressed to BSP’s Supervised Financial Institutions, the removal of clickable links was among the central bank’s industry-wide, anti-phishing measures.

“As financial transactions increasingly shift to electronic or digital channels, attacks on retail customers using mobile and internet/web applications have risen. The most prevalent among the schemes employed are account takeover and social engineering attacks that involve phishing and its variations (e.g. smishing and vishing),” the document reads.

BSP further noted that “these are intended to manipulate customers into disclosing sensitive personal and account information necessary to execute unauthorized transactions.”

“Fraudsters are adept in exploiting legitimate application features and business rules as well as in bypassing layers of controls,” it said.

Since 2021, there have been reports about receiving spam text messages that mostly offered sketchy job opportunities and promos from e-commerce websites.

RELATED: NPC probes reports of spam text messages on sketchy job offers, free cash deals 

Early this year, some Filipinos continued to share screenshots of the random texts they have received.

These messages have then varied from a supposed offer to the government’s cash aid to dubious delivery messages.

READ: New text scam? Client asked of private info via SMS before supposed item delivery

Some were also sent by verified institutions such as mobile wallet apps.

RELATED: SMS spoofing? Mobile wallet warns users of fake account update sent via text message