Central Bank of the Philippines warns the public about text hijacking scams and reiterates that regulated institutions should not send clickable links via SMS or email

The Central Bank of the Philippines (Bangko Sentral ng Pilipinas) issued a public alert urging vigilance against fraudulent text messages that prompt recipients to click links, including messages that appear to come from legitimate banks, e-money issuers, or other financial institutions. It reiterated that banks will not send text messages or emails containing clickable links to customers, referencing BSP Memorandum No. M-2022-015. The BSP said it continues to receive reports of “text hijacking”, where scammers insert fake messages into legitimate text threads to make them look authentic. The messages typically include malicious links aimed at stealing access to financial accounts and often use urgent prompts such as expiring rewards, unauthorized transaction alerts, or account verification requests. The BSP advised the public not to click links in texts or emails, to enable multi-factor authentication, and not to share personal or financial information; it also advised contacting the relevant bank or e-money issuer through official channels if an account is compromised and reporting incidents to the Department of Information and Communications Technology Cybercrime Investigation and Coordinating Center and the Philippine National Police Anti-Cybercrime Group.