THE government and telecommunication companies in the Philippines called on the public Wednesday, September 7, 2022, not to fall victim to “smishing,” as they assured that they are doing everything to trace the sources of these fraudulent messages.
Smishing has been defined as the “fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.”
Several mobile subscribers have complained recently about text messages sent to their phone numbers with their names on it, with others fearing a breach in telcos’ data system.
Telecommunication companies, such as Globe Telecom, Smart Communications and Dito Telecommunity, assured, though, that there has been no breach in their systems.
Lawyer Michael Santos, chief of Complaints and Investigation Division of the National Privacy Commission (NPC), said in a webinar on Wednesday, September 7, that based on their investigation, data aggregators contracted by telcos and contact tracing apps are “unlikely” to be the sources of these unsolicited, personalized text messages.
He said the scammers are now adding the names of the subscribers to make it appear that the messages are authentic, making it easier for them to bait or scam people.
“Ngayon para mas mukhang kapanipaniwala, nilagyan nila ng pangalan para makita mo na sayo talaga dinidirect. We looked at the links and they point to gambling sites, bitcoin investment and other applications...They encourage you to click,” he said.
Santos added that the transmission is now phone to phone and the messages are sent through a text blast.
Such transmission is usually coursed through a telecommunication company’s regular network and does not pass through data aggregators, he said.
As to contact tracing apps, Santos said that as of this point, they are not discounting the possibility that this may have contributed to smishing, but based on how the names of persons used in the text messages, “wala sa top leads natin ang contact tracing.”
Albay Representative Joey Salceda hit the Inter-Agency Task Force for the Management of Emerging Infectious Diseases on Tuesday, September 7, for allowing contact tracing for coronavirus disease (Covid-19) to be done using multiple apps and databases, saying this could be behind the data breaches.
“The IATF did not push hard enough and enforce a single contact tracing app with a single database. That means [the IATF] had different data collectors, some of whom may not have been able to protect data... I don’t want to ascribe malice, but some of them may have even sold it,” he said.
But Santos said the text messages being sent nowadays only use the first name and surname initial. “Sa contact tracing, ang dami nyang alam, so magtataka ka kung bakit ganito lang. This is automated.”
“In our two years of monitoring, we did not see a leak and hindi mataas sa leads namin na galing ito sa contact tracing,” he added.
Santos is confident that as of now, the scammers only have the mobile numbers and names, the reason the messages entice people to click on a link to be able to get more data about the subscriber.
“So don’t click on the links,” he stressed.
He said the public can report to NPC the scams they get by sending an email to reportsmishing@privacy.gov.ph, or through its social media pages.
Santos also assured that the NPC is working closely with the National Telecommunications Commission (NTC) and telcos to put a stop to smishing, but he said it is not easy to identify the fraudsters.
“This is phone to phone... Hindi ganun kadali. May tech dito na involved. Kailangan ang tulungan ng government and telcos to pinpoint who are behind this,” he said.
Yoly Crisanto, chief sustainability and corporate communications officer of Globe, said Thursday, September 8, that the company is addressing the issues with the government through changes in its filtering systems and even product feature changes to protect the customers’ data.
She assured that there have been no data leaks from Globe and GCash.
“Hindi po nagkaroon ng data leak or na-compromised ang transactions ng GCash. Wala pong nangyayaring ganoon. No data leaks. Hindi po tayo nagbibigay ng mga pangalan ninyo, lalong-lalo na po sa GCash,” she said.
Irish Salandanan-Almeda, chief privacy officer of Globe, urged their subscribers to take a screenshot of the text message and upload it to the Globe website so they act on it.
She added that they have coordinated with banks, through the Bankers Association of the Philippines, to intensify the data and intelligence sharing and arrest the fraudsters.
“This is a shared fight against cybercrime. Kailangan nating magtulungan laban sa mga scams na ito,” Almeda said.
Angel Redoble, first vice president chief information security officer of the PLDT Group and Smart Communications, said they have conducted an internal investigation but they have not gone yet to the bottom of the problem.
“We need to get to the bottom of the problem by doing a joint investigation effort to identify the perpetrators,” he said.
He added that Smart has so far blocked close to 400 million messages and hundreds of thousands of numbers.
“Hindi ito pwedeng magawa lang ng isang private entity. This needs to be a whole of community approach so once and for all, we do something about this,” Redoble said.
For Dito Telecommunity, lawyer Roberto Miguel Raneses, its data protection officer, encouraged the public to also know how to protect their privacy, as what the telcos can do for now are just to block the scammers’ numbers and do some information campaigns.
“Blocking and customer and awareness are immediate solutions to this problem... The investigation of NPC and NTC, telcos continues. We are focusing on blocking for now, but education is also important. At Dito, we're looking into how to expand our customer awareness campaign,” said Raneses.
“Mas okay talaga na maging mapagmatyag sa ganitong mga messages. Di agad maniniwala,” he said.
Lawyer Maria Xandralyn Molina of NTC, for their part, said they will continue their information drive to remind the public to just disregard these text messages.
She said their regional offices in the country have been directed to also expand their information campaign against smishing and other online scams. (LMY)