PUBLIC TOLD: IGNORE ‘SMISHING,’ TEXT SCAMS
THE national government and telecommunication companies warned the public Wednesday, Sept. 7, 2022, not to fall victim to “smishing,” as they assured that they are doing everything to trace the sources of these fraudulent messages.
Smishing has been defined as the “fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.” Several mobile subscribers have complained recently about text messages sent to their phone numbers with their names on it, with others fearing a breach in telcos’ data system.
Telecommunication companies, such as Globe Telecom, Smart Communications and Dito Telecommunity, assured, though, that there has been no breach in their systems.
Lawyer Michael Santos, chief of Complaints and Investigation Division of the National Privacy Commission (NPC), said in a webinar on Wednesday that based on their investigation, data aggregators contracted by telcos and contact tracing apps are “unlikely” to be the sources of these unsolicited, personalized text messages.
He said the scammers are now adding the names of the subscribers to make it appear that the messages are authentic, making it easier for them to bait or scam people.
Santos added that the transmission is now phone to phone and the messages are sent through a text blast.
Such transmission is usually coursed through a telecommunication company’s regular network and does not pass through data aggregators, he said.
As to contact tracing apps, Santos said that as of this point, they are not discounting the possibility that this may have contributed to smishing, but based on how the names of persons used in the text messages, “wala sa top leads natin ang contact tracing.”
IATF to blame?
Albay Rep. Joey Salceda hit the Inter-Agency Task Force for the Management of Emerging Infectious Diseases (IATF) on Tuesday, Sept. 7, for allowing contact tracing for coronavirus disease 2019 (Covid-19) to be done using multiple apps and databases, saying this could be behind the data breaches.
“The IATF did not push hard enough and enforce a single contact tracing app with a single database. That means [the IATF] had different data collectors, some of whom may not have been able to protect data… I don’t want to ascribe malice, but some of them may have even sold it,” he said.
But Santos said the text messages being sent nowadays only use the first name and surname initial.
“Sa contact tracing, ang dami nyang alam, so magtataka ka kung bakit ganito lang. This is automated. In our two years of monitoring, we did not see a leak and hindi mataas sa leads namin na galing ito sa contact tracing,” he added.
Santos is confident that as of now, the scammers only have the mobile numbers and names, the reason the messages entice people to click on a link to be able to get more data about the subscriber.
“So don’t click on the links,” he stressed.
He said the public can report to NPC the scams they get by sending an email to reportsmishing@privacy.gov.ph, or through its social media pages.
Santos also assured that the NPC is working closely with the National Telecommunications Commission (NTC) and telcos to put a stop to smishing, but he said it is not easy to identify the fraudsters.
Telcos assure customers
Yoly Crisanto, chief sustainability and corporate communications officer of Globe, said Thursday, Sept. 8, that the company is addressing the issues with the government through changes in its filtering systems and even product feature changes to protect the customers’ data.
She assured that there have been no data leaks from Globe and GCash.
Irish Salandanan-Almeda, chief privacy officer of Globe, urged their subscribers to take a screenshot of the text message and upload it to the Globe website so they act on it.
She added that they have coordinated with banks, through the Bankers Association of the Philippines, to intensify the data and intelligence sharing and arrest the fraudsters.
Angel Redoble, first vice president chief information security officer of the PLDT Group and Smart Communications, said they have conducted an internal investigation but they have not gone yet to the bottom of the problem.
He said Smart has so far blocked close to 400 million messages and hundreds of thousands of numbers.
For Dito Telecommunity, lawyer Roberto Miguel Raneses, its data protection officer, encouraged the public to also know how to protect their privacy, as what the telcos can do for now are just block the scammers’ numbers and do some information campaigns.
Lawyer Maria Xandralyn Molina of NTC, for their part, said they will continue their information drive to remind the public to just disregard these text messages.
She said their regional offices in the country have been directed to also expand their information campaign against smishing and other online scams. /