YK Poudel

Sangay Dorji, a corporate employee, fell victim to smishing recently.

Smishing is a phishing cybersecurity attack carried out over mobile text messaging, also known as SMS phishing.

Sangay Dorji received a WeChat message from an unknown number offering him employment with a travel agent company. After clicking the link, he lost his access to the account.

Bhutan Computer Incident Response Team (BtCIRT) under the GovTech Agency, previously the Department of IT and Telecom, recorded and resolved 31 incidents between October and December.

Scammers prey on naive social media users by hacking social media pages and posing as friends to borrow money with the promise to return or offer some benefits.



The human hackers ask for personal details or ask for a code to hack into your personal accounts.

Tshering Phuntsho received a WeChat message three days ago; one of his close friends asked him to help him with a code. “The friend said that he got his new phone and he had not installed WeChat yet. “I gave my number and the SMS code that appeared. After two minutes, I was unable to log on to my account. The link from the message directed to a website asking for personal information. Thinking that it might be a credible procedure, I clicked on the details and I lost access.”

Police have been using their social media pages to advocate and alert the public about scammers. “Many do not report the case, the division has been advocating and rendering help to the ones seeking assistance.”

BtCIRT and the police have asked the public not to accept or react to messages that involve sharing of personal credentials without proper communication.

Advertisement