Maya flips scam playbook with holiday SMS bait to inoculate users

Insider Spotlight

• Maya used a scam-like SMS to teach users how fraud actually works
• Holiday timing mirrors peak season for phishing and spoofed messages
• Campaign earned organic traction across Reddit and Facebook
• Reinforces Maya’s long-standing no-links, no-OTP-by-SMS rule

Maya is taking an unconventional approach to scam awareness this holiday season, rolling out a creative twist on its ongoing ScamPatrol consumer education campaign that is drawing strong organic reactions online.

Instead of issuing a standard fraud warning, Maya sent users a message that looked almost indistinguishable from a real scam. The SMS appeared to offer a Christmas gift worth P3,000 and included a clickable link. Users who tapped the link were redirected not to a reward, but to a landing page reminding them of a critical rule: never click links or share sensitive information via text, even if the message appears to come from Maya itself.

Why it matters

Online scams typically spike during the holidays, when users are distracted, transactions increase, and messages promising rewards or urgency feel more believable. Maya’s approach flips the usual awareness model by allowing users to experience the moment of vulnerability before delivering the lesson.

The big picture

The campaign reflects a real and growing risk in the Philippine digital banking landscape. Scammers increasingly use illegal cellsites and IMSI catchers to hijack or spoof legitimate SMS threads, making fraudulent messages appear as if they were sent by trusted institutions. During the holidays, these tactics are often combined with fake rewards, delivery notices, or urgent account alerts designed to bypass skepticism.

How it works

Maya’s idea was intentionally simple. Meet scammers where they operate, then stop users just in time. By mimicking the exact structure and emotional hook of a common scam, the campaign creates a memorable learning moment that traditional advisories often fail to achieve.

What Maya is reinforcing

The message behind the stunt aligns with guidance Maya has consistently communicated to users: Maya will never send links or ask for one-time passwords or account credentials via SMS. The landing page makes that rule unmistakably clear, turning a moment of risk into a lasting reminder.

What people are saying

The execution has sparked discussion across Reddit and Facebook, with users sharing screenshots and reactions, many admitting they initially believed the message was real. The organic engagement suggests the tactic resonated precisely because it mirrored the scams people fear most.

Bottom line

As fraudsters exploit the holiday rush with increasingly sophisticated techniques, Maya’s ScamPatrol twist shows how experiential education can cut through the noise. By teaching through near-miss experience, the campaign delivers a timely reminder that vigilance starts before the click.

— Edited by Daxim L. Lucas