ACG-CYBER SECURITY BULLETIN NR 379: The Cybersecurity Risks of Disinformation in Chain Messages

Posted on February 20, 2025

Reference Number ACG-CSB 020325379

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

Chain messages, the types of messages you are often asked to “forward to everyone you know,” may seem harmless but can carry serious cybersecurity risks. Many of these messages spread disinformation or false information created to mislead people. While they might look interesting or even urgent, these chain messages can hide a dark side, posing security risks to those who click, share, or believe in them.

***ALERT: NEW BANKING SCAM! *** Hackers are targeting bank accounts! Secure yours NOW: 1. Click here to check if your account is safe: suspiciouslink.com 2. Enter your bank login details for security verification. Share this with everyone – don’t let them fall victim! Stay safe!

URGENT HEALTH WARNING! A new virus is spreading fast in our area! Symptoms start mild but can become serious quickly. Protect yourself: 1. Click here to get the latest safety updates and prevention tips: fakelink.com 2. Fill out your health info to see if you’re at risk. Please share with friends and family – let’s keep everyone safe!

Chain messages also open the door to phishing attacks, which trick people into giving away sensitive information. For example, a chain message might claim to be from a bank or a government agency, urging people to take immediate action. If someone follows these instructions and enters their information, cybercriminals can gain access to personal data like bank accounts or social media profiles. With chain messages, phishing scams spread quickly, reaching large audiences and making more people vulnerable to identity theft and other financial losses.

Chain messages also take advantage of our natural instincts to share, especially when the content appeals to emotions like fear, curiosity, or sympathy. Cybercriminals use this tactic, known as social engineering, to encourage people to forward messages to others. By quickly spreading through friends and family, these messages create a wide network of potential victims who might not think twice before clicking on a link from someone they trust. This makes chain messages a powerful tool for cybercriminals.

Teenagers are especially vulnerable to the dangers of chain messages. Growing up online, they often trust and engage with social media, where these messages are common. Many chain messages play on emotions like curiosity, fear of missing out, or the excitement of sharing something “exclusive,” making teens more likely to click or forward without thinking. This increases their exposure to phishing, malware, and disinformation. Teaching teens to think critically about online messages can help them make safer choices and avoid these cybersecurity risks.

Adults as well are susceptible to chain messages, often because they’re less familiar with digital threats. These messages, promising health tips, urgent warnings, or financial advice, can seem trustworthy but often contain harmful links or spread misinformation. Without knowing the risks, older adults may unknowingly expose their devices and personal data. Teaching them how to recognize these threats empowers them to protect themselves and stop the spread of false information. Encourage friends and family to be vigilant about fact-checking before sharing chain messages and remind them of the risks of spreading unverified information.

RECOMMENDATION

The public is advised to follow these tips to avoid being a victim of chain mail disinformation:

Always verify the source of a message to ensure it is from a credible organization or official website before trusting its content.
Double-check the date of a message, as outdated or irrelevant information can continue to circulate and mislead people.
For important news or updates, rely on official sources like government websites or reputable news channels rather than forwarded messages.
Fact-check any claims made in the message using reliable fact-checking websites or trusted news outlets to avoid spreading false information.
To protect yourself from potential malware or phishing, avoid clicking on links or attachments in chain messages from unknown senders.
Be cautious of messages that create a sense of urgency, as they often aim to manipulate emotions; take a moment to think before reacting.

For additional information, please refer to the following websites:

https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
https://health.ucdavis.edu/cybersecurity/learning-center/spot-phishing-messages
https://www.slicktext.com/blog/2019/09/how-to-identify-a-text-scam/
https://www.aura.com/learn/how-to-identify-a-fake-text-message

POINT OF CONTACT

Please contact PLTCOL JERRY V EMPIZO, Officer-In-Charge, Cyber Security Unit, thru e-mail address csradacgroup@gmail.com or contact us by telephone number (632) 723-0401 local 7488 for any inquiries related to this CYBER SECURITY BULLETIN.