SMART Communications Inc. (Smart) continues to dig deeper into the recent text scams that have been plaguing the public lately.
Based on the investigation conducted by its Cyber Security Operations Group (CSOG), the messages are being sent by individual SIMs and do not come from aggregators or their clients.
“There’s no recent cybersecurity incident that may have allowed criminals to breach our infrastructure and steal customer data to be targeted in their fraudulent activities,” said Angel Redoble, FVP and Chief Information Security Officer of PLDT and Smart. “We believe that the recent smishing attacks are being perpetrated by local operators. We continue to work with law enforcement agencies to track down the criminals.”
Based on Smart’s close coordination with the Philippine National Police (PNP) and the National Bureau of Investigation (NBI) that ran simulation tests on the scam, the culprits may have used a popular e-wallet and an online messaging platform to harvest the names of subscribers.
“Our initial investigation showed that criminals may have acquired or bought the data from different establishments. Then, they ran the mobile numbers on GCash and Viber to get the names of the subscribers and use them on their messages,” said Christopher M. Paz, Chief of the NBI Cybercrime Division.
“To clarify, the infrastructure of GCash or any digital wallet has not been compromised. The criminals simply checked the mobile numbers if they are subscribed to the platform. The scammers seem to have found a way to automate the harvesting of names from different sources. Another possible source also are some mobile loan applications that are designed to extract personal information from smartphones where they have been installed,” Redoble added.
Smart continues to intensify its campaign against “smishing,” blocking more than 11 billion attempts to open links associated with spam messages from January to August of this year. This was made possible by the company’s efforts to prevent access to more than 9,000 Uniform Resource Locators (URL) tied to the illegal activity.
Complementing this strategy is Smart’s SMS Firewall Blocking that has prevented more than 300 million malicious messages from reaching its customers in the first eight months of the year. Smart further shored up its defenses against spams, hoaxes, and smishing activities by blacklisting around 167,000 listed accounts that have been found to be sources of these fraudulent messages.
PLDT and Smart have been fortifying their cybersecurity infrastructure, investing nearly P3 billion in 2021, to safeguard the public against emerging cyber threats and vulnerabilities, including online fraud and other criminal activities.
Smart’s efforts to detect and block malicious messages, including SIMs and websites tied to fraudulent activities, are part of a much broader program to elevate the quality of customer experience by protecting them from threats and attacks.