Beware of phishing scams as SIM card registration deadline looms

As the deadline for SIM card registration in the Philippines approaches, Palo Alto Networks is warning of an increase in phishing attacks targeting users. The Department of Information and Communications Technology (DICT) said there will be no further extension for SIM card registration which is set for July 25, 2023.

Take note that 40% of SIM cards in the Philippines are not registered yet. This means that scammers can use these unregistered SIM cards to send text messages that look like they are from legitimate sources, like telecommunications companies.These messages urge recipients to register their SIM cards by clicking on a link provided. However, the link is actually fraudulent and will lead to a website that steals the user’s personal information.

“Phishing attacks will persist as the SIM card registration deadline draws nearer,” said Steven Scheurmann, Regional VP for ASEAN at Palo Alto Networks. “Cybercriminals’ primary goal is to seize control of your number and exploit your OTPs to steal your money.”

To help users stay safe from phishing attacks, Palo Alto Networks recommends the following:

  • Exercise caution when presented with unknown links. Be wary of links received from unfamiliar numbers or sources, especially those claiming to be from your telecom provider. Avoid clicking on suspicious links, as they may lead to fraudulent websites designed to steal your personal information.
  • Scrutinize links for anomalies. Check for misspellings or unusual URLs in the links provided. Phishers often employ tactics such as using slight variations of genuine domain names to deceive users.
  • Research official SIM registration procedures. Familiarize yourself with your network provider’s legitimate process for SIM registration. This will help you distinguish between genuine communications and phishing attempts.
  • Stay informed on security measures. Some telecom providers and other organizations, such as banks, proactively block links via SMS to combat phishing attacks. Stay up-to-date with the security measures implemented by your trusted apps or organizations to enhance your protection.
  • Leverage Multi-Factor Authentication (MFA). Activating MFA provides an extra layer of security, acting as a vital firewall for your devices during this heightened risk period.

“To stay safe, it’s crucial to think before you click and remain vigilant whenever you need to share sensitive information,” said Scheurmann. “Embracing the Zero Trust principle and granting the least privilege to your personal data can significantly bolster your defenses against phishing threats.”