When you are online, nothing is completely private. Signing up to social media accounts and websites requires you to provide personal information that scammers can harvest, making you susceptible to schemes like the SIM swap scam.
Find out how this scam works to prevent it from happening to you.
How does a SIM swap scam work?
Scammer steals your personal information. By trawling through social networks and other online channels, the scammer obtains your contact details like your name, address, mobile number, and other sensitive information they can find.
Scammer pretends to be your service provider. Claiming to be an agent of your service provider, the scammer calls or texts you to offer a SIM upgrade or asks you to do the following: provide a One-Time Password (OTP), turn off your phone, send back a text, or hold the line.
You lose your phone signal. After the call or text, you lose your phone signal or your SIM stops working.
Scammer takes over your SIM. While your phone signal is off, the scammer may have requested for a SIM replacement of your registered mobile number from your service provider.
Scammer initiates online transactions that require OTP. After taking over your SIM, the scammer attempts a bank transaction, a purchase transaction, or any transaction that requires authentication through OTP via SMS.
SIM swap scam accomplished. Once the scammer receives the OTP, they can make various transactions like logging in to your bank accounts, making money transfers, and shopping online.
How to protect yourself from a SIM swap scam
1. Never share your personal information, especially sensitive banking details like OTPs, user IDs, passwords, card details, and card verification value (CVV). Anything you divulge online can become available to the public no matter how secure a website claims to be. Consider it unsafe to save personal information during a purchase checkout.
2. Immediately contact your service provider if your SIM suddenly stops working or you lose your phone signal. Ask if there has been a request to update your mobile information or upgrade your SIM, and cancel it right away to prevent financial loss.
3. Monitor transaction alerts. Make sure your email and mobile are configured to receive bank notifications and alerts. If you’re notified about a transaction that you didn’t make, call your bank right away.
4. Verify instructions first. Do not follow instructions given through call, text, or email asking for your personal information, especially urgent requests or a sudden account deactivation that requires confirmation. Call your bank or service provider to verify such requests.
5. Clear your web browsing activity after making online bank transactions and use private browsers whenever possible, especially if you’re using an unsecured connection like public WiFi or computers.Stay vigilant and updated on the ever-evolving forms of scams to protect yourself from falling victim to fraud.
If you received a text message from an unknown number, offering a job and an attractive compensation, be very careful. This is a scam.
The National Telecommunications Commission warned that several versions of SMS of job postings and offers that appear to come from hiring managers are making the rounds.
These are suspicious SMS that offer part-time or full-time jobs with a promise of a good pay. The recipient of the message is enticed to click on the link to know more details about the job opportunity.
This suspicious SMS is called "smishing," a type of fraud using text messages that tricks you into sharing your personal and bank information by clicking into a link that will lead you to a fake website.
If you happen to receive such a text message, here are tips on what to do:
So the next time you receive a random SMS from an unknown sender with an attractive job offer, think twice. It is a scam!
Beware of fake emails that’s going around. Here are three (3) signs you are being targeted for phishing:
Notice that the message seems personalized, urgent and instructs you to click on the link provided to confirm that you did not authorize the transaction. When clicked, this will lead you to a fake website asking for your login and personal information.
Remember: Metrobank will NOT initiate calls, SMS, emails or chats to ask for your bank account details.
Here's what you should do:
Fraudsters are taking advantage of the holidays.
Be alert if you received an email, SMS or online chat claiming you have been given "monetary reward" from your bank.
Here is an example of an actual holiday scam email:
What you should do:
Do not click on the link or button provided in the email. Do not reply to the sender nor should you provide any personal information.
Please report the incident by calling Metrobank Contact Center at (02) 88-700-700 and 1-800-1888-5775. Or forward the phishing email to firstname.lastname@example.org using “Report on Possible Fraud” as subject.
Beware of this phishing email that's going around.
Notice that the message seems urgent and instructs you to click on a link that leads to a website where you are asked to verify your account and provide personal details.
Remember, Metrobank will NEVER ask you to verify your personal and sensitive account information via a text message, a phone call, or via an e-mail message.
Here's what you should do:
Metrobank advises the public to be aware of scams and other forms of fraudulent activities using its name. Metrobank will NEVER ask you to verify your personal and sensitive account information via a text message, a phone call, or via an e-mail message.
The latest and most widespread fraud activity nowadays is a legitimate-looking SMS or text messages from your bank. It asks you to give your personal information to gain access to your bank account. This method is called "smishing," which combines the terms "SMS" and “phishing.”
The intent is to lure you to disclosing sensitive, personal data, such as banking records, user account information, passwords, and credit card information.
Smishing as fraudulent text messages
Here are examples of smishing:
These are text messages that look like it is from Metrobank. Often, the message is urgent and instructs you to click on a link that leads to a website where you are asked to verify and provide personal details. In this example, you’re being warned of an “account closure” if you fail to verify your mobile number. It will name drop the bank’s product, and will push you to act immediately so the matter is resolved.
What should you do:
Do not reply to the SMS, nor should you click on the link provided in the text message.
Take a screenshot of the SMS. Then, report it by attaching the screenshot to an email message and sending it to email@example.com using “Report on Possible Fraud” as subject.
You may also report the incident to the Metrobank Contact Center at (02) 88-700-700 or 1-800-1888-5775.
The holiday season is a time for fun, relaxation, and reflection. But it is also the season for fraudsters.
While we don’t want to spoil your holiday shopping plans, these are some of the common holiday habits that could lead to fraud. So, read on:
Lending your debit card to your child or family member. While there is nothing wrong with trusting your debit or credit cards to family members, you are also at risk of exposing your personal information. Card details can be mistakably shared to fraudulent websites when used to shop online. Remember, the responsibility falls on you to secure your card information.
Giving to ‘Christmas’ charities. Giving to charities is good. But fraudsters are now using charities to trick you into giving away your personal information, or worse, cash. Be wary of these dubious charities, especially those thriving online. There are legitimate organizations that deserve your Christmas donation.
Instagramming your travel. Never overshare personal information. While you love to share your recent adventures with friends and followers, you are also leaving yourself vulnerable to fraudsters who exploit your being away. Criminals target people who are away using information they gather on them through public social media posts. If you need to be away for a long vacation, be more discreet with your social media activities.
Winning an online raffle. If you receive an e-mail, an SMS or an online chat saying you won an online raffle, you’re close to being scammed. And because it is also the season for fraudsters, be wary of unknown messages received via these channels claiming you’re a winner of raffle that you don’t know of. Fake raffles use unknown or even private mobile numbers or a fake identity recently created on social media accounts. Legitimate raffles carry government certifications (such as those coming from the Department of Trade and Industry), a company name, and a promo period.