Header Ads

Breaking News
recent

Put anti-SMS cyberattack measures in place, banks told

The Bangko Sentral ng Pilipinas (BSP) on Friday advised banks and other financial institutions under its supervision to implement measures to prevent short message service (SMS)-based cyberattacks on their stakeholders.

In a memorandum, BSP Deputy Governor Chuchi Fonacier said cyberthreat actors remained relentless in harming BSP-supervised financial institutions (BSFIs) and their clients as the industry shifted to digital payments and financial services in response to the coronavirus disease 2019 pandemic.

“A predominant type of attack pertains to phishing campaigns [that] lure and defraud BSFI employees and customers to disclose user account credentials and sensitive information or to click malicious links,” she added.

Citing the results of the BSP’s ongoing cyberthreat surveillance, Fonacier said these types of attacks were increasingly carried out via SMS, better known as text messages.

One type, “smishing,” is a phishing activity in which users are tricked to click or download a malicious link to acquire information, such as passwords and/or one-time PIN (OTP) through SMS.

The effectiveness of this attack relies on the attacker’s ability to convince customers that quick action is required and that the message came from a legitimate or trusted sender.

Smishing is normally carried out in combination with SMS spoofing, in which the SMS sender’s ID is altered so that the message appears to come from a financial institution or entity.

“[F]inancial consumers can be easily victimized, since the fraudulent messages are co-mingled with the previous genuine/legitimate messages from the BSFI,” Fonacier said.

She reminded BSFIs to further intensify information security awareness and education campaigns for their employees, clients and other stakeholders against these attacks.

They should also revisit multifactor authentication control implementation to address inherent vulnerabilities and weaknesses arising from SMS-based sending of OTPs.

Since these attacks evolve quickly, BSFIs should adopt multilayer controls, including calibrating fraud management system rules and parameters, conducting threat-hunting exercises to detect unusual activities and taking down phishing sites.

“Lastly, as part of BSFIs’ consumer protection program, customers’ verification requests and complaints in relation to smishing and SMS spoofing incidents must be acted upon immediately to minimize financial losses,” Fonacier said.


Source: TheManila Times

No comments:

Powered by Blogger.