BSP warns public on rising text hijacking

The Bangko Sentral ng Pilipinas reminded the public to stay vigilant against unsolicited text messages urging users to click links that appear to come from banks, e‑money issuers, or other financial institutions.

The BSP said banks did not send text messages or emails with clickable links to customers in line with BSP Memorandum No. M‑2022‑015 issued in March 2022.

The central bank said it continued to receive reports of fraudulent messages that mimicked legitimate financial institutions.

The BSP said the scheme, known as text hijacking, involved scammers inserting fake messages into legitimate text threads to make the communication appear authentic.

The agency said these hijacked threads often carried malicious links aimed at stealing access to victims’ financial accounts.

The BSP said scammers usually paired these links with urgent prompts such as warnings on expiring rewards, unauthorized transactions, or account verification reminders to pressure recipients into responding.

The warning followed a broader rise in digital fraud cases in the Philippines, where regulators said cybercriminals increasingly exploited messaging platforms to bypass traditional security layers.

Text hijacking, security experts said, had become more sophisticated as criminals learned to infiltrate existing message chains rather than sending standalone spam texts.

The BSP urged the public to avoid clicking links in text messages or emails even if these seemed to come from banks or e‑money issuers.

The agency also advised users to enable multi‑factor authentication to secure their accounts.

The BSP reminded the public never to share personal or financial details with anyone.

The central bank said those with compromised accounts should immediately contact their bank or e‑money issuer through official channels, including https://bit.ly/BSPScamAlert.

The public was encouraged to report scammers to the DICT Cybercrime Investigation and Coordinating Center through https://cicc.gov.ph/report/.

The BSP also cited the PNP Anti‑Cybercrime Group Complaint Action Center as a reporting channel through https://acg.pnp.gov.ph/contact-us/.

Regulators said stronger public awareness was essential as cybercriminals continued to refine text hijacking techniques using spoofing tools and automated scripts.

Analysts said the Philippine government had intensified coordination among industry players and law enforcement groups to curb financial cybercrime.

The BSP said consumers should treat any unsolicited message—especially those involving money, rewards, or account access—as a potential threat.