Privacy commission probes telcos on SMS scams, forms task force
MANILA, Philippines — The National Privacy Commission (NPC) on Wednesday said that it has formally launched an investigation of telecommunication companies and their transactions with data aggregators amid the plague of SMS scams.
“The National Privacy Commission (NPC) has formally launched an investigation into whether telcos exercised due diligence and accountability in transacting with data aggregators linked to the sending of texts offering spurious jobs and investment schemes to millions of Filipinos,” the Privacy commission said in a statement.
As the NPC explained, data aggregators could be legal entities tapped by companies such as global brands to act on their behalf and deal with telcos in blasting promotions and other company messages to their customers.
According to NPC, it already ordered on Monday Globe Telecom, Inc., Smart Communications, Inc. and Dito Telecommunity Corp. to submit within five days documents and information that would provide the Commission specifics on their data flows and transactions involving data aggregators.
The NPC said it also sent orders to Union Bank of the Philippines, Inc. and online wallet GCash, the main payment channels where victims are directed to deposit their investments.
Task group against online scam
The NPC also announced the formation of an interagency group dedicated to curbing smishing and text spam.
The group against online scams and fraud consists of the NPC, Cybercrime Investigation and Coordinating Center (CICC), Department of Information and Communications Technology (DICT), National Telecommunications Commission, Department of Justice (DOJ), Department of Trade and Industry (DTI), Department of Labor and Employment, Bangko Sentral ng Pilipinas, National Security Council and Anti-Money Laundering Council.
The CICC will serve as the lead agency and as the main receiver of complaints from cellular phone subscribers and will be tasked with forwarding the numbers used by scammers to telcos for blocking.
The NPC also pushed for “call and text attestation” to prevent a “privacy disaster.” NPC said that attestation can help the agency trace the owner of numbers used in calling or sending texts as it would be listed in a registry.
“At the meeting with the NPC on November 24, the data protection officers of Globe Telecom and Smart Communications revealed a complex chain of data aggregation and handling, involving data brokers, that is bringing new challenges to compliance and enforcement,” Privacy Commissioner Raymund Liboro said in the statement.
Meanwhile, the NPC said that telcos reported that the smishing and text spams were traced to China and India-webhosted companies.
In its report to the NPC, Globe in particular identified a data broker, Macrokiosk, that was tapped by a firm named China Skyline Telecom, as the primary source of messages that “share the theme of job hiring and contain a Whatsapp contact link.”
Globe said 1.55 million of such messages were sent through its network from Nov. 11 to 21 alone.
These announcements came due to a recent surge of spam messages advertising fake jobs through text messages regardless of the telecommunications company to which a person is subscribed.
An official of the NPC earlier said that international syndicates orchestrated the scam.