PLDT and wireless unit Smart Communications, Inc. (Smart) have uncovered the new strategy fraudsters are using in the infamous SMS spam-based scam.
Recent undercover work by the group’s cybersecurity operations team bared that the link found in newer text messages directs customers to a group chat in the messaging application WhatsApp. PLDT and Smart information security agents believe that the group chat administrators are part of the syndicate who could be locals operating in the Philippines. The scammers claim to be representatives of a popular Japanese department store chain looking to invest in the country.
“They’re herding potential victims into one group chat where they explain the supposed job or income opportunity. Similar with previous engagements, the fraudsters will ask customers to sign up on the syndicate’s platform, link up their digital wallet, and shell out money to invest in the program,” explained Angel Redoble, FVP and Chief Information Security Officer of the PLDT Group, ePLDT and Smart.
To validate their claim, fraudsters even show victims supposed DTI certificates. Redoble added that a dedicated customer service representative (CSR) will privately message a customer if he or she has questions.
“Before disabling the chat function, the administrators will advise customers to refer to their assigned CSRs for guidance,” continued Redoble.
Cybersecurity experts from PLDT and Smart also discovered another group chat targeting newcomers. Redoble noted that the scam operators in both groups pretty much follow the same script often used by marketers in Ponzi schemes to lure potential victims.
“We believe that some members in the chat who post testimonials about making money from these investments are co-conspirators,” Redoble added. Victims are then instructed to transfer the initial amount to a mobile wallet or a bank account to begin participating into the scheme.
Once hooked, victims are asked to complete tasks by purchasing items, clicking links or watching YouTube videos to earn commissions.
Likened to a digital pyramid scheme, PLDT and Smart investigations revealed that, in both groups, fraudsters encourage members to bring in friends and relatives to boost their payout.
“There are different membership tiers depending on the amount you shell out. The higher tiers promise bigger returns,” said Redoble.
PLDT and Smart have intensified efforts against the scam preventing more than 75,000 attempts to open the phishing sites.
“These domains are no longer accessible to Smart customers. We are closely watching this fraudulent activity so we can further beef up our cyber defenses and protect customers from getting scammed,” assured Redoble.
PLDT and Smart continue to engage government authorities and other stakeholders to put an end to the SMS-initiated investment scam. The Group is set to report its recent findings to the National Privacy Commission.
To report suspicious and unsolicited text messages to PLDT and Smart’s Cybersecurity and Operations Group, mobile subscribers may send an email to firstname.lastname@example.org.
Featured image from Unsplash