MANILA, Philippines — Scammers use Facebook and Viber to verify their targets’ identities and mobile numbers, the National Bureau of Investigation (NBI) said Wednesday.
NBI officials led by Director Victor Lorenzo told the House of Representatives committee on information and communications technology — which is doing a probe on the recent phishing text messages received by thousands of phone users — that numbers verified through Viber can show who is currently using that specific account.
Lawmakers, including committee chair raised the question, and Navotas Rep. Toby Tiangco, after more recent texting scams showed the names of phishing targets — sometimes their full names.
“How do they get the numbers, and now they know even our names, before, there used to be no names included. So they can say it was random; they relied on luck. But now there are names; what is the possible reason — first of all, have you conducted an initial investigation, and second, where could they possibly source the names?” Tiangco asked in Filipino
“There are different sources of information if you can just get their phone numbers. For example, your Honors, if you have a generated phone number, you can easily check if it has a Viber account. At the same time, you could direct that to have a link if the number is also used by the person on Facebook,” Lorenzo replied.
READ: Text scam that knows phone user’s name raises alarm
READ: Telcos ordered: Cooperate in text scam probe
Lorenzo added that scammers could actually personalize phishing messages by looking at the Facebook profile of their targets. Once assessed, scammers can either offer employment scams, investments, or even “romantic” scams.
“For example, your Honors when you register your Facebook using your mobile number, if I have your number, I would also be able to see your FB account, then I would know your name. So it’s easy to send a communication with you inviting you to invest in something, and I could easily mention your name,” he said.
“At the same time if I’m going to have your FB account, at least more or less I can profile you as to how I can approach you, your Honor. Is it through investments? Through employment? Or maybe even through a love scam, the same thing, if they see in your profile that you need some companionship online, they would approach you like that,” he added.
Aside from these, scammers can also access phone books through online lending schemes, where allowing third parties to view phone books is a requirement for people applying for loans.
Lorenzo said this is also why some people’s names appear incomplete or different in phishing messages because the scammers depend on what name was designated to a particular contact in the person’s phonebook.
“As to online lending, in the first phase, you will click yes when they ask the permission if they could have access to your phonebook. Upon clicking that at the physical level, they will be able to copy all the contacts that you have in your mobile phone. There is a provision there that before you proceed with the second step, they will be asking if you will allow them to have access to your phonebook,” he said.
“Once you click that, they can copy the whole content of your phonebook. That’s why if you receive text messages, sometimes the numbers are incomplete, sometimes it’s just the name, nickname, sometimes without a surname, sometimes it’s only the surname. Because when we populate our phonebook, we place whatever name we want,” he added.
Both houses of Congress are crafting laws to do away with phishing text messages, especially after lawmakers received them. Lawmakers from the House and Senate believe that the proposed SIM card registration bill will curb such incidents, as state regulators and telecommunication companies will immediately know those behind a texting scam.
READ: Senators alarmed as they too become targets of text scams
READ: Senators push for immediate passage of SIM Card registration bill