The National Privacy Commission said Tuesday it received reports of “smishing” where mobile users received unsolicited SMS messages allegedly due to the contact information they provided in COVID-19 contact tracing and health declaration forms.
Smishing is a type of phishing attack that targets victims through mobile text messaging or SMS. Smishing attacks occur when threat actors send text messages to trick subscribers into clicking malicious websites.
The privacy commission highlighted the importance of being vigilant and aware of cybersecurity attacks. “One of the best ways users can arm themselves against smishing attacks is to be aware of this kind of manipulation. Scrutinize the text messages you receive, especially if they come from an unknown number and request information about you. Be skeptical and don’t assume that every message you receive is genuine,” said NPC commissioner Raymund Liboro.
An example of a smishing scenario involves the activation of a dummy Facebook account. The text message sent to a user contains a code and a shortened link that, when clicked, binds the recipient’s mobile number to the dummy account.