MANILA, Philippines — Supreme Court Justice Marvic Leonen on Wednesday posted on social media site Twitter: “Unsolicited or scam text messages on our phones already contain our names. This means that there is a data provider out there that has leaked or sold or been careless about our information. This makes all of us now vulnerable. Very dangerous.”
Leonen is referring to the latest form of text scam that has made its way into the Filipinos’ inbox, mentioning specifically the name of the mobile number user and thus posing a cybersecurity threat to the public.
The National Privacy Commission (NPC) said on Wednesday it has started investigating the text scam reports.
In a message sent to the Inquirer, the NPC said it was working with the National Telecommunications Commission (NTC), the anticybercrime group of the Philippine National Police, as well as the major telecommunications companies to get to the bottom of the issue.
“We’ve started gathering information and discussing it with the NTC. We are also collecting information from the telcos because we find it alarming as personal information is involved,” the NPC said in a statement, noting that the scam messages seem to be targeted as these contained the names of the recipients.
Although not yet conclusive, the NPC said that one of their hypotheses was that the modus operandi has something to do with a popular e-wallet platform, noting that the formatting of the personal information included in the messages seemed familiar.
“We see this format from this platform. That’s one. Another, we also see this (format) in Viber and Telegram,” the NPC said, explaining that bots (automated software programmed to do specific tasks) were being used by unscrupulous groups or individuals.
Text blast
The NTC has instructed local telco players to text blast their subscribers warning them against this new form of scam, which usually offers fake job opportunities to entice victims.
Globe Telecom Inc., Smart Communications Inc., and Dito Telecommunity Corp. were tasked to do this from Aug. 31 to Sept. 6. The telco firms were ordered to submit a written report of compliance with the NTC on Sept. 9.
“The proliferation of fake job text, lucky winner and similar money scams targeting the general public has persisted over the month of August across telecommunications networks in the country, with the latest variant including the name of its recipient,” the NTC said in a memorandum.
Text scams are a type of phishing attack, which is a fraudulent activity wherein scammers trick users into giving out their personal and sensitive information. Having access to such data will allow the scammers to take over or use without permission the victims’ bank and other financial accounts.
NTC also directed the telco firms to “accelerate the process of blocking SIM (subscriber identity module) cards that are being utilized to perpetrate these fraudulent activities.”
Awareness drive
Globe said it was complying with the NTC order, noting that it has antispam and scam operations in place to block suspicious messages.
“We’re also continuing to help drive awareness to ensure that our customers do not fall for these types of malicious campaigns even if seemingly personalized,” Globe chief information security officer Anton Bonifacio said.
PLDT Group chief information security officer Angel Redoble, in a statement sent to the Inquirer, said there were “multiple formats of names” in these text scams.
“In some cases the name format is similar to what the user employs in their messaging platforms, vindicating multiple public sources. In other instances, scammers are using publicly available data to harvest names,” he explained.
Both telcos vowed to continuously monitor the situation to protect their customers.
As of press time, Dito has yet to issue a statement.
The magnitude of the problem is evident in the figures given by the telco companies.
From January to July, Globe blocked some 784 million scam and spam messages. It also deactivated 14,058 mobile numbers and blacklisted 8,973 others linked to phishing during the same period.
PLDT and Smart blocked nearly 78,000 SIM cards which were found to be connected to fraudulent activity from January to May. From June 11 to 14, they foiled more than 23 million texts linked to phishing sites. From January to May, it detected only 600,000 text scams.
Public nuisance
Lawyer Rodel Taton, president of the Consumers Union of the Philippines, told the Inquirer that the scuttled SIM card registration law could have been a “good deterrent” to these scams.
“The ordinary consumer and his data must be protected. Any breach is antipeople and violates rights,” Taton said.
“If there is (SIM card) registration, it is easier to track those whose purposes are entirely for the commission of harm, crime and such schemes,” he pointed out.
Infrawatch PH convener Terry Ridon said the NTC should compel telco firms to “explain the proliferation of text scams and spams using numbers under their respective networks, and ask whether steps are actually being undertaken to stop these messages.”
“These text scams and spams have basically been a nuisance in the last few months, and we have seen no real intervention by the government to stop it,” he told the Inquirer.
In the meantime, the NPC has advised the public to be wary of suspicious website links included in the scam messages.
It also urged the public to report these suspicious activities either by submitting a complaint on their website, https://www.privacy.gov.ph, or sending a message to their social media platforms.
RELATED STORIES
Wave of ‘latest variant’ text scams spurs NTC to step up awareness drive
Poe tells gov’t, telcos to beef up crackdown vs ‘unabated’ text scams
NTC says text scams remain ‘unabated’; presses telcos, offices to issue warnings