Hey Dude, you received a text from your bank or telco provider, saying you have huge amount of points expiring today, encouraging you to claim it right away. What will you do?
Hold your horses!!! It’s a scam called THREAD HIJACKING?
What is Thread Hijacking?
This scam is clever because it uses existing message threads you trust. Scammers can insert a message into an SMS conversation you’ve had with a legitimate company like G C a s h, G l o b e, S m a r t, or BDO.
The fraudulent message often claims your loyalty points are about to expire, and the points balance is large enough to redeem a valuable reward. It creates a sense of urgency with a strict deadline, pressuring you to click a malicious link without thinking.
How to spot and avoid it:
- Look closely. While the message appears in a trusted thread, the language may be slightly off or the offer too good to be true.
- Don’t click the link. Legitimate companies will not pressure you to click a link in an SMS to redeem points.
- Go directly to the source. If you get a message about your points, open the official app (e.g., G C a s h, BDO) or visit the company’s website directly to check your account. Never use a link from a text message.
The Tech Behind the Scam: How “Thread Hijacking” Works
Ever wonder how a scammer manages to get their message inside your official
G-C-a-s-h or BDO conversation? It’s not a hack of the company—it’s a hack of the cellular signal near you.
1. The “Fake Tower” (IMSI Catcher)
Scammers use a device called an IMSI Catcher (often called a “Stingray”). It acts like a mini cell tower. Because it broadcasts a stronger signal than the real towers nearby, your phone automatically connects to it, thinking it’s a legitimate G l o b e or S m a r t station.
2. The Security Downgrade
Modern 5G and 4G signals are very secure. To get around this, the fake tower forces your phone to switch to a 2G connection. This is called a “downgrade attack.” Older 2G protocols don’t require the tower to prove its identity, allowing the scammer to send data directly to your device.
3. “Sender ID” Spoofing
When the scammer sends the SMS through their fake tower, they don’t use a phone number. They use an Alphanumeric Sender ID. They literally type the name “BDO” or “G C a s h” as the sender.
4. The OS “Handshake”
This is the final trick. Your phone (iOS or Android) organizes messages by the name of the sender. When it receives a message from “G C a s h,” it looks at your history and says, “Oh, I already have a folder for G C a s h!”
It then places the scammer’s fake message at the bottom of your real transaction history. > The Takeaway: Just because a message is in a “trusted” thread doesn’t mean it’s safe. The phone is just following its filing system!
Too Dangerous, don’t get FOOLED! If you fall prey…. Follow these steps.
- Cut the Connection 📶 Immediately turn off your Wi-Fi and Mobile Data. If the link was trying to download a virus or “phone home” to a hacker, cutting the internet stops it in its tracks.
- Secure Your Money First 💸 If the link was about G C a s h, BDO, or your bank, log into the OFFICIAL APP immediately (using a different phone if possible, or after turning your data back on briefly).
- Check your balance.
- If you see suspicious activity, use the app’s “Lock Card” or “Logout all devices”
- Change Your Passwords 🔑 Change the password for the account mentioned in the text (and any other account that uses the same password). Do this from a different device if you suspect your phone might have downloaded malware.
- Check for “New” Apps 📱 Look through your app list. If you see something you don’t recognize (especially something with a generic name like “System Update” or “Rewards”), uninstall it immediately.
- Scan for Malware 🛡️ If you’re on Android, run a scan using a reputable mobile security app (like Bitdefender or Malwarebytes) to make sure no “spyware” was left behind.
- Report the Incident 📣 Report the scam to the company (e.g., G C a s h’s Help Center or BDO’s fraud hotline) so they can monitor your account for any weird login attempts.
Panic is a scammer’s best friend. You can still protect your data if you act fast.
Your digital safety is a superpower—don’t let anyone take it from you. Stay Informed!
