Illegal phishing activities in the Philippine digital sea
Most of these spam messages are phishing activities that attempt to access our personal identification, which then can be exploited by cybercriminals to include our bank details, credit cards and our financial history. We now ask— how did these senders of
aS if we don’t have enough problems already, but now we are suddenly subjected to a barrage of SMS spam messages ranging from job offers, selling of items at super-low prices, to winning lotteries we know we did not join. irritating, indeed, and we dismiss them as today’s version of yesterday’s telemarketing nuisance, testing our patience and always eating up our mobile data space. However, unlike phone marketeers in the past, this digital invasion goes beyond just aggressive selling. Most of these spam messages are phishing activities that attempt to access our personal identification, which then can be exploited by cybercriminals to include our bank details, credit cards and our financial history. We now ask—how did these senders of spam messages get our mobile phone information? is this just simply random and sporadic? and what have the telecoms companies done to combat this? What about the government agencies tasked to regulate the digital highway and guarantee our digital privacy, in particular the national Telecommunications Commission and the national Privacy Commission?
Though such incidents are nothing new, phishing activities began increasing towards the end of last year and escalated to its current levels right after the elections. In June of this year, Globe announced the blocking of more than 71 million spam messages and deactivated 5,670 mobile phone numbers. PLDT, the other telco giant, blocked more than 23 million malicious messages around the same period. There are of course the many illegal text blasters that were used during the campaign. But according to a former senior national privacy official, these massive text waves are caused by data brokers that work between telcos and entities that look at data banks to reach to their markets. In the early years of mobile marketing, these activities were closely guarded by the telcos that allow VAS (value added service) operators to have access to their subscribers for their promotions activities. But time has a way of changing things. Now we have a proliferation of data brokers that have gathered the subscriber information mined from third party sources. This happens usually during data gathering activities such as when we submit our numbers to join a raffle or an in-house promotion of a product. There is even talk that such data exploitation emanated from data acquired during the pandemic when all were required to submit their contact information for the needed contact tracing at that time. But going back to the massive spam tsunami we are now experiencing, it is possible that all of these are connected to global crime syndicates operating in other countries, which makes it all the more worrisome. It is no different to a physical invasion of a sovereign nation, but in this case, the hostile forces are now deeply entrenched in our digital shores.
So, going back to the questions we need to ask. What then are we doing about this? How about actions from the telcos and, more importantly, our regulators? Too bad the SIM Card Registration Act was vetoed by the last administration, as this would have been a massive barrier to such cybercrime activities. But the loss of its enactment must not give a reason for the government agencies tasked to ensure our digital safety not to move. First, these digital brokers or aggregators need to be reined in. Have them register and provide information on the sources of their data. For the telcos, instill better safeguard measures similar to what they did before when value added service providers were initially allowed access to their data. Telcos cannot just be tollways, extracting fees for the highways. They have to ensure digital order and safety. As for the government bodies, there are laws to enforce. Phishing is punishable by imprisonment of up to 10 years, though difficult to enforce. Enforcement can lessen such scams. A case in point was the massive data collected during the pandemic for contact tracing purposes. Should not those who collected them, including the many LGUS that made their own database, erase them or at the very least inform the owners of these numbers that such retention be renewed with their permission after 28 days as provided for by the law?
We live in a world where our lives are duplicated, replicated or threatened more in our digital universe.
Yet beyond knowing how to use our phones and engaging on social media, the majority of us are still digital infants who can easily succumb to cyber predators. Though indeed we need to be responsible for our digital lives, should it not be the government digital protectors and regulators, as well as the telcos, that should watch over our safety? Just like road safety signs and traffic enforcement by the government in our physical highways, it would still be our government institutions that should be there to make our digital journey as safe as possible.