Globe Telecom Dedicates Website Space to SMS Phishing Crisis: And They Made a Dramatic Move to Block Subscribers From Sending Messages with Links

Incredible. Globe Telecom in the Philippines has even devoted website space to the perils of SMS communication. You land on a page titled “We’re all in this together.” It’s fascinating that the idea has been propagated that employees and consumers should somehow shoulder the responsibility for mitigating risks that employers and service providers have yet to adequately address. Cybersecurity vendors seem at a loss to develop effective anti-phishing measures, even though phishing tactics have remained fundamentally unchanged. As far back as 2017, attackers were using reverse-proxy phishing to snatch not just login credentials but also MFA codes. So, it’s hardly a new or evolving threat.

The core tactics of phishing, which involve deceptive impersonation to fool individuals, have stayed remarkably consistent since their inception in 1996 on the AOL network — where I was personally targeted when hackers impersonated my admin screen name inside emails, chatrooms, and instant messaging. Whether executed through Email, Slack, WhatsApp, RCS, iMessage, Google Search, Twitter, or SMS, the essence of phishing remains the same. The confusion arises not from an evolution in phishing strategies, but rather from the emerging channels that cybercriminals exploit to carry out these deceptive schemes.

It’s not Globe’s fault that their customers are no longer permitted to send or receive SMS messages that contain a web link, it’s the fault of the cybersecurity industry…

While it may seem that the cybersecurity sector has been reluctant to offer solutions for SMS phishing, consider another angle. The capability to test the efficacy of these protective measures with a single SMS could deter big players like Palo Alto Networks, ProofPoint, and Cisco from entering the market. Why haven’t they offered a solution yet? The security market for SMS is likely to be bigger than that of Email Security.

Going forward, it’s reasonable to expect the security industry to shift its focus toward creating security protocols inspired by Zero Trust — the gold standard in cybersecurity. Traditional approaches, which rely on threat intelligence, are inadequate for handling deceptive URLs or web links in phishing attacks.

In the SMS phishing context, the Zero Trust model acts like a kill switch. It dictates that each message with a link should be considered a potential threat and allowed through the network only after the web link is verified as legitimate. If we can’t determine the legitimacy of the sender or message content, we must focus on the call to action — the link!