New SMS Scam Uses Clickable Number Links and Hidden URLs

sms scam

Smart Communications Inc. has issued a warning to users about a new type of SMS scam involving clickable numeric links and hyperlink masking.

New SMS Scam

According to their investigation, scammers are now using hyperlink masking to disguise URLs by replacing dots with other characters like underscores or slashes.

The new SMS scam process often involves instructing victims to manually copy the altered address, paste it into their browser, and replace the special characters with dots before pressing “enter” or “go,” leading them to a phishing site.

Additionally, scammers are sending what appear to be IP addresses but are actually numeric clickable links.

This warning comes after Smart implemented an improved blocking tool to prevent SMS scam from reaching subscribers. Despite these improvements, scammers continue to find new ways to conduct phishing activities.

Smart’s enhanced blocking capabilities have significantly reduced SMShing messages from reaching customers.
However, scammers now send unclickable links with the same intent of luring customers into opening malicious domains.

Jojo G. Gendrano, SVP and Chief Information Security Officer at PLDT and Smart

Smart advises users not to respond to messages or calls from unknown contacts, especially those requesting one-time passwords (OTPs).

1 1

They emphasize that neither their agents nor bank representatives will ever ask for an OTP.

Users should also be cautious of offers or prize winnings sent via SMS that urge them to click on a link, as well as messages that create false alarms about account suspensions or access loss, which often direct them to phishing sites.

Source: PhilStar