Spoofing, used by scammers to pretend to be legitimate institutions such as banks, e-wallets, and telecommunications providers

Are you receiving messages or texts purporting to be from banks, e-wallets (such as “Maya” or “GCash”) or telecommunications providers and enticing you to click on the link contained therein?

The PNP Anti-Cybercrime Group (PNP-ACG) is warning the public against the “ spoofing scam” where scammers impersonate legitimate institutions, such as e-wallets, banks, and telecommunications service providers.

In spoofing scams, scammers use illegal devices such as so-called International Mobile Subscriber Identity or IMSI catchers to intercept mobile communications or signals. Using the illegal IMSI catcher, scammers are able to send messages that are not from legitimate companies such as banks, e-wallets, or telecommunications providers to deceive users. These messages contain a phishing link – and when the phishing link is clicked, scammers can obtain sensitive information for ‘account takeover’ or unauthorized access to users’ accounts.

Legitimate banks, e-wallets, or telecommunications providers will never send any SMS or text message with links that ask for users’ sensitive information– such as personal details, passwords, MPINs, or OTPs. To avoid this, find out if incoming texts or calls are genuine.

Find out what spoofing is and how it works. Spoofing is one of the most common types of scams. Users will receive private messages (PMs), texts, or calls from the scammer and pretend to be an employee of a well-known bank, service provider, or even a government agency.

For the purpose of the spoofing scam, the victim clicks on the phishing link in the PM or text that will allow their e-wallets and bank accounts to be hacked. If it is a phone call, the scammer will forcefully ask for the user’s sensitive details to use in the account takeover of their e-wallet, bank account and even social media profiles.

Know the origin of the message or call. Be critical of where a PM, text, or call is coming from. Legitimate e-wallets like “GCash” only use official and verified communication channels. If the message or call asks for personal information, it is definitely suspicious. Call the official hotlines first to make sure that the person who called or messaged you is legitimate.

Know the red flags. An important ‘red flag’ in a message or call is the ‘sense of urgency’ – scammers will insist that you send sensitive details immediately. Scammers use this to pressure victims into giving up their sensitive information.

Another sign is that when a link is included in the message banks or e-wallets like GCash will never send the link. Be suspicious especially when asking for MPIN or OTP because GCash will never ask for it. Only the user should know their password, PIN, and OTP

Only secure connections should be used. When using online banking or accessing the e-wallet account, make sure the Wi-Fi used is a private network because it is secure. Avoid using public Wi-Fi when accessing your bank accounts or e-wallet because it is open to cyberattack.

Report the suspicious ones. If you suspect that you have received a spoofing message or call, report it immediately to the PNP ACG. The public can contact the PNP-ACG using the hotlines at (02) 8414-1560 or 0998-598-8116, or via email at [email protected] .

Reminder again that banks and e-wallets will never ask for customers’ password or OTP.

“It is important for the public to be vigilant in all online and mobile transactions,” said Police Colonel Rommel S Batangan, Officer-in-Charge of the PNP ACG. “Cybercriminals are getting smarter, and scams are getting harder to spot. Remember, legitimate institutions will never send you links or ask for personal or sensitive information via text or call. If received you a suspicious message, always check and confirm it directly with your bank or service provider before taking any action,” he added.

It is PNP ACG’s desire to continue to promote a safe and secure digital space for Filipinos. PNP-ACG will continue to work together to keep the digital space safe for all.

For more information, just go to https://www.facebook.com/anticybercrimegroup.