Telco contractors may be sources of data in text scams

Woman using smart phoe

Woman using smart phone (INQUIRER.net stock image)

MANILA, Philippines — Contractors of the three major telecommunication companies in the country are among the likely sources of the personal information that were used in personalized text scam messages that have proliferated across the country, according to former privacy commissioner Raymund Liboro.

Liboro, who is also the founder of the think tank Privacy and Security by Design, told the Inquirer on Friday that data aggregators contracted by telcos Globe Telecom, Smart Communications Inc. and Dito Telecommunity could be responsible for the scam text messages that include the recipients’ actual names.

“These data aggregators are under the control of these telcos. They can obligate them to make sure that private information is not leaked to criminals,” Liboro told the Inquirer, citing a policy-driven solution to the increasing number of these incidents.

Aside from this policy approach to stop the problem, Liboro also suggested that telcos use technology-driven measures to stop its spread.

“The telcos have the capability to filter text messages by using keywords and banning the senders who are using those keywords,” Liboro said, but cautioned that mobile service providers need to recalibrate their platform so as not to affect the average cell-phone users who also use the same words in their day-to-day text conversations.

Liboro said that simply blocking the cell-phone numbers associated with these scams would not be enough since SIM (subscriber identification module) cards are easily replaceable.

A former official of the National Telecommunications Commission (NTC) agreed that there must have been some connivance in the text scam messages because personal data are not readily available.

“Someone should be punished here because someone leaked the information. It could not be taken from just anywhere,” former NTC deputy commissioner Edgardo Cabarios, who remains a consultant of the agency, said at a Palace briefing on Friday.

While spam messages could be random, he said text messages containing the subscribers’ names proved that personal information was leaked.

According to Cabarios, data from COVID-19 contact-tracing forms and applications could have been used in the recent incidents of scam messages.

“These are possible sources of breaches,” he said, renewing earlier calls to enact a SIM card registration law to aid authorities in tracing and prosecuting individuals behind text scams.

The 18th Congress passed a SIM card registration law but former President Rodrigo Duterte vetoed the bill in April because it needed “a more thorough study.”

RELATED STORY:
Text scam that knows phone user’s name raises alarm

Read more...