PLDT, Smart warn vs 'social engineering'

[Mike J]

I am sure that I am not the only member who receives emails on a daily basis telling me the "bank" may have to restrict access if I don't log in and verify my information using the included link.  What really surprised was the remark that I high lighted in red.   That really opened by eyes and came as a shock.

https://www.manilatimes.net/2022/08/15/business/top-business/pldt-smart-warn-vs-social-engineering/1854584

CYBERCRIMINALS have been employing more sophisticated techniques in stealing their victims' valuable information.

While they may use different platforms or strategies to run their modus, PLDT and its wireless unit Smart Communications Inc. have identified "social engineering" as the go-to game plan of malicious actors on the internet.

"Cybercriminals, when interacting with potential victims, use a variety of psychological manipulation to trick the public into sharing sensitive data like passwords or personal information that hackers can use to log into the victim's various accounts including digital wallets," Angel Redoble, first vice president and chief information security officer of the PLDT Group, explained.

PLDT and Smart's Cyber Security Operations Group likens social engineering to the budol-budol modus of the 1990s where criminals would often concoct lies or pretend to be a personal acquaintance to coax the victim into handing over his or her money or valuables.

Fast-forward to the new millennium and fraudsters have moved to different platforms to run their criminal activities. 

It started with phishing, a type of social engineering where criminals send fraudulent emails with links to malicious sites. Often masked as promos or notices from legitimate companies, victims are tricked into clicking the link which directs them to a website that asks for their personal data.

Phishing activities have since found their way into other channels where fraudsters use voice calls or vishing, text messages or smishing and QR codes or quishing to deceive their victims.

Quoting data from Cybersecurity Ventures, the PLDT Group's CSOG said that cybercrime will cost the world more than $10 trillion annually in 2025, making the illicit industry more profitable than cross-border trade of illegal drugs.

Its impact is so great that if cybercrime were a country, data from Cybersecurity Ventures estimate that it will be the world's third-largest economy after the United States and China.

"It is best to adopt a culture of cybersecurity. We must be mindful of who we share our personal information with. When in doubt, end the call and do not open links from unverified sources," Redoble advised.

The efforts of PLDT and Smart to detect and block malicious messages, including SIMs and websites tied to fraudulent activities, are vital to the PLDT Group's much broader program to elevate the quality of customer experience by protecting them from threats and attacks.

[Dave Hounddriver]

3 minutes ago, Mike J said:

came as a shock

It sounds too much to be true, so I have to wonder how  CSOG come up with that estimate.  Almost sounds like a statistic and we all know how statistics lie.

That said, I get the same emails and phone calls as everyone else.  Starting to feel like good friends with "Daniel from Amazon" as the scammer robot calls at least once a day with the same BS.  Somehow the scammer manages to call from real numbers that belong to real local people, but when we call them back off with the caller ID it becomes apparent that these people had no idea their number was being used in a scam.

[OnMyWay]

A Filipino friend of mine posted this,

From our dads group: Please be aware of this modus. They even get you to speak to a "manager" when they sense you are doubting, background busy call center, and some info they got from your background. Never give any details or shut them down asap.

Yesterday, I was victimized by a scammer who called me on my cellphone and who claimed she was from my bank that I qualified for their rewards programs and service, etc. and that my credit card/ATM was due for replacement. She even volunteered information about my old address, transaction details I made in my account. So it must be legit. I can even hear background chatter like from a busy call center.

Convinced, this is where I made a grave mistake. She said that for verification in order for the cashback offer to proceed, she sent an OTP and asked me to confirm. I thought this was normal because my other bank also sends OTP and requires me to confirm. Difference is I usually was the one who made the call to my other bank that required me to verify the OTP. This time I was the one who was called and failed to see the ruse.

Since the call was ongoing, the call session appears on the whole screen and only the pop-up OTP number appeared and not the whole text message that has a warning on it. I stupidly made an error of dictating the OTP thinking I was speaking to a real banking agent. It was too late when I discovered that money was transferred to a GXI (Instapay). I read the whole text message too late. I ended the call immediately because I felt my heart literally skipped beating for a few seconds due to the shocking revelation I've been scammed.

I immediately called up my bank's hotline and was informed that a total of P75,000.00 was transferred from my account to a G-cash number. My online access has now been locked due to suspicious activity and I am yet to view the transaction details as well as the G-cash number recipient pertaining to this incident.

The bank assured me that they will investigate the matter within 20 banking days. But I know nothing will come out of it. I do not expect to recover my stolen money. I would earn that back anyway.

Beware of any callers claiming to be from your bank offering rewards programs, etc.

[Snowy79]

13 minutes ago, OnMyWay said:

A Filipino friend of mine posted this,

From our dads group: Please be aware of this modus. They even get you to speak to a "manager" when they sense you are doubting, background busy call center, and some info they got from your background. Never give any details or shut them down asap.

Yesterday, I was victimized by a scammer who called me on my cellphone and who claimed she was from my bank that I qualified for their rewards programs and service, etc. and that my credit card/ATM was due for replacement. She even volunteered information about my old address, transaction details I made in my account. So it must be legit. I can even hear background chatter like from a busy call center.

Convinced, this is where I made a grave mistake. She said that for verification in order for the cashback offer to proceed, she sent an OTP and asked me to confirm. I thought this was normal because my other bank also sends OTP and requires me to confirm. Difference is I usually was the one who made the call to my other bank that required me to verify the OTP. This time I was the one who was called and failed to see the ruse.

Since the call was ongoing, the call session appears on the whole screen and only the pop-up OTP number appeared and not the whole text message that has a warning on it. I stupidly made an error of dictating the OTP thinking I was speaking to a real banking agent. It was too late when I discovered that money was transferred to a GXI (Instapay). I read the whole text message too late. I ended the call immediately because I felt my heart literally skipped beating for a few seconds due to the shocking revelation I've been scammed.

I immediately called up my bank's hotline and was informed that a total of P75,000.00 was transferred from my account to a G-cash number. My online access has now been locked due to suspicious activity and I am yet to view the transaction details as well as the G-cash number recipient pertaining to this incident.

The bank assured me that they will investigate the matter within 20 banking days. But I know nothing will come out of it. I do not expect to recover my stolen money. I would earn that back anyway.

Beware of any callers claiming to be from your bank offering rewards programs, etc.

My bank you get sent the OTP and have to enter it on your phone key pad which is secure.  I regularly get one OTP sent from strange numbers and asking me to reply yes. These I'm certain are scams used by someone who has used my number to try and set up an account with Gcash or some phone loading software hoping I'm stupid enough to reply. 

[hk blues]

47 minutes ago, Snowy79 said:

My bank you get sent the OTP and have to enter it on your phone key pad which is secure.  I regularly get one OTP sent from strange numbers and asking me to reply yes. These I'm certain are scams used by someone who has used my number to try and set up an account with Gcash or some phone loading software hoping I'm stupid enough to reply. 

I guess the basic rule is that a bank would never send an unsolicited OTP - it is always in response to a customer request AFAIK.  

[Snowy79]

3 hours ago, hk blues said:

I guess the basic rule is that a bank would never send an unsolicited OTP - it is always in response to a customer request AFAIK.  

Yes.  My bank you have to phone them then they ask you a few question for security purposes to put you through to the relevent person, once they answer they explain they will send you a OTP which you must enter within so many seconds, once you've entered it they tell you they are free to discuss anything to do with your account but not to give out passwords, pins etc.