The National Privacy Commission (NPC) said its initial investigation revealed the recent smishing activities that swept the country in recent days are run by a global crime syndicate, not by a group that has gained unauthorized access to contact tracing forms.
NPC defines smishing as a form of phishing or a cybersecurity attack carried out over text messages. One of the first suspicions was that information and details of those who received the text messages were leaked from contract tracing forms.
Smishing and spam messages have also flooded mobile subscribers at times offering job and business opportunities.
NPC in a statement yesterday said it has summoned the data protection officers of telecom providers, electronic commerce firms and several banks to report their measures that combat the recent surge of text scams that have been soliciting and misusing personal information.
“We have summoned them (telcos, e-commerce platform operators and banks) to detail their current and future measures to combat smishing. Ultimately, we want to secure their commitment and focus in fighting these fraudulent practices so we can best strategize how to block these messages and protect our data subjects,” said Raymund Liboro, privacy commissioner.
In meeting with Globe Telecom, Smart Communications, Dito Telecommunity, Lazada, Shopee and several banks, NPC discussed potential coordination in exchanging crucial information to prevent the unlawful collection and misuse of personal data.
“We hope to find areas where the NPC and these industry players can establish a more proactive approach in fighting smishing and other scams, moving forward,” Liboro added.
Based on NPC’s initial investigation Liboro revealed the recent smishing activities are run by a global crime syndicate, but the agency did not elaborate.
“If our initial findings prove true, that personal data is being exploited by criminals abroad, then this also becomes a matter of national security, which should compel government, the private sector and advocate groups to work hand in hand and take more urgent and concrete action to safeguard,” Liboro added.
Liboro told data subjects to always scrutinize the messages they receive and not easily believe its lofty promises of easy, passive income opportunities and high-paying jobs.
NPC assured it will continue to monitor the situation and encouraged victims to immediately file a report against the malicious senders, especially if they think their personal data has been compromised.
Last week, telecom regulator, National Telecommunication Commission (NTC) directed Globe, DITO and PLDT mobile unit Smart and Sun Cellular to send a text blast to their subscribers to warn them not to believe a text message that offers a job and to not give personal details
Meanwhile, Smart and Globe have expressed support to government initiatives to stop the proliferation of text scams.
In a statement, Smart said it fully supports the move of the NTC, the NPC, and the Department of Trade and Industry to investigate and stop the surge on text scams.
From October 21 to November 20, Smart has blocked an average of 400 to 500 mobile numbers daily that have been found to be related to short-messaging service hoax and spam, and some 40 domains and IP addresses used by online scammers.
These follow the recent sudden spike in reports of SMS spam, where mobile users receive unsolicited but enticing messages from strange numbers, that then lead to an elaborate online phishing scam where the target mobile users end up falling victims to fraud.
Globe through a dedicated cybersecurity team has deactivated 5,670 confirmed spam numbers, and successfully blocked close to 71 million spam messages this year.
The company’s specialized teams are part of a larger internal cybersecurity and data privacy group that responds to spam complaints and proactively deals with spammers and scams.