The following information was obtained from the different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

            The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

“SMiShing is a security attack in which the user is tricked into downloading a trojan horse, virus or other malware onto his cellular phone or other mobile device.  SMiShing is a short term for SMS phishing.”¹ 

Smishing is any kind of phishing that involves a text message in an SMS or a phone number.  It uses elements of social engineering to get the trust of the victim in order to divulge personal information.  The information a smisher often targets an online password, social security number, credit card information and other personal information.  Once the smisher accessed this information, the smisher can then apply for new credit in the name of the victim.

Another mode that the smisher may use is to lure you to click on a link and enter personal information and warn you that if you do not click on it, you will be charged per day for use of a service. 

In many cases, smishing messages will come from a “5000” number instead of displaying the actual phone number.  This often indicates that the text message was sent via email to the cell phone and not sent from another cell phone.

Smishing has become increasingly common to smartphones.  Many smartphones allow you to simply click on a link in a text message to view the website in your phone’s browser.  This makes text messages effective “bait” for luring unsuspecting users to fraudulent websites.

RECOMMENDATION

PNP personnel and the public are advised to follow the tips to avoid being smished:

• If you notice any unauthorized charges on your credit cards or debit card statements, report it immediately to your bank.
• In general, do not reply on text messages from unknown sender.
• Do not click on links you get on your phone unless you know the sender. Better ask the sender if they meant to send the link before clinking on it.
• Do not visit website mentioned in text messages from unknown sources.
• Do not respond to smishing messages.

For additional information, please refer to the following websites:

Searchmobilecomputing.techtarget.com/definition/SMiShing

https://en.wikipedia.org/wiki/SMS_phishing

https://us.norton.com

POINT OF CONTACT

            Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru email address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.