PLDT, Smart warn against ‘quishing’

PLDT and Smart’s Cyber Security Operations Group (CSOG) warns customers against scanning quick response or QR codes received from dubious entities on emails or messaging platforms. The PLDT Group’s CSOG says this could be a form of ‘quishing’.

‘Quishing’ makes use of a malicious QR code that when scanned, directs unsuspecting victims to a fake version of a legitimate website, and lures them into giving up sensitive information like login credentials.

“When victims enter their personal data on the fake website, the hackers will immediately capture them and use the information to take control of their various accounts including their digital wallets,” warned Angel Redoble, FVP and Chief Information and Security Officer of PLDT and Smart.

The use of QR codes for financial transactions has proven useful during the COVID-19 pandemic after the government required merchants to shift to electronic payment amid health-related restrictions.

So, how do you protect yourself against ‘quishing’? PLDT and Smart’s CSOG advises to scan QR codes that come from a trusted or known sender or source only. Before clicking a link, check the destination first. If it seems dubious, best not to visit it. Watch out for advertising materials that have been tampered with.

Other than QR codes, criminals also run ‘smishing’ or fraud over text messages and ‘vishing’ or voice calls to deceive their victims. These are different forms of social engineering or the use of deception to trick a person into divulging private or sensitive information that may be used for criminal activities. 

The group also warns against persons asking for your PIN (personal identification number), security code or OTPs (one-time passwords). To further protect customers, PLDT and Smart have blocked 203 URLs tied to text scams from June 10, 2022 to July 26, 2022.

“Remember what our parents taught us about not talking to strangers? This remains true to this day, whether you’re interacting in person or on your gadgets,” added Redoble.

The efforts of PLDT and Smart to detect and block malicious messages, including SIMs and websites tied to fraudulent activities, are fundamental to the PLDT Group’s much broader program to elevate the quality of customer experience by protecting them from threats and attacks.