PLDT Inc. wireless unit Smart Communications Inc. and Globe Telecom Inc. are working closely with authorities to address the proliferation of the new text scam that includes the name of the recipient but its initial findings showed there is no breach in their systems.
Last week, the National Privacy Commission (NPC) said it has started monitoring and investigating the rampant sending of scam and spam messages that contain subscribers’ names and phone numbers.
At the same time, the National Telecommunications Commission (NTC) has directed the mobile operators to block the subscriber identity module (SIM) cards that are being used for sending the latest variant of text scam.
Angel Redoble, PLDT and Smart chief information security officer, said in a statement based on the company’s recent investigations these unscrupulous messages are being sent through individual SIMs.
“These messages do not originate from aggregators or their customers. There is no evidence to suggest a breach in our systems that would have given perpetrators access to the mobile numbers and names of our subscribers. Upon scrutiny of these spam messages, we have observed the format of the names mimics the naming conventions used in popular digital services,” Rodoble said.
“We continue to work with the NPC, the NTC, and law enforcement agencies to assist in efforts to identify the perpetrators. At this early stage, and pending completion of investigations, we believe it prudent to hold off on any conclusion. Our focus should be on identifying the source of these scam messages,” added Leah Jimenez, PLDT and Smart chief data privacy officer.
PLDT and Smart said they have been fortifying their cybersecurity infrastructure, investing nearly P3 billion in 2021, to safeguard the public against emerging cyber threats and vulnerabilities, including online fraud and other criminal activities.
Smart said its efforts to detect and block malicious messages, including SIMs and websites tied to fraudulent activities, are part of a much broader program to elevate the quality of customer experience by protecting them from threats and attacks.
Globe, meanwhile, yesterday reiterated it has long put in place stringent measures to ensure the sanctity of customer data, bar attempts of third-party breach and guard against scammers. The company further stepped up its efforts at the height of the pandemic, when cybercriminals found new ways to dupe customers.
“We work closely with the NTC and the NPC in pursuit of our common goal to crack down on cybercriminals and protect data privacy. GCash also coordinated with law enforcement agencies such as the Philippine National Police-Anti-Cybercrime Group and the National Bureau of Investigation Cybercrime Division on reported scamming incidents, which have led to arrest and prosecution,” Anton Bonifacio, Globe chief information security officer, said in a statement.
To date, Globe has spent $20 million or roughly P1.1 billion in capital expenditures to boost its capabilities in detecting and blocking scam and spam messages of international and domestic sources, including app-to-person and person-to-person SMS.
Globe mobile wallet unit GCash is also set to move confirmation messages from text message inbox to the app inbox in a bid to improve security as well provide customers with easier access to their transaction history.
“GCash has been relentless in protecting the funds and personal data of our customers. Migrating the transaction confirmation messages from text messages to the app inbox will help ensure users are only getting legitimate messages regarding their GCash transactions,” said Ingrid Rose Ann Beroña, chief risk officer of GCash.
The e-wallet has been sending out text advisories about the migration to its customers.
The move to the app inbox starts this month with the transaction confirmation messages of the “pay bills” feature, followed by messages for the “send money” and “buy load” services. These will instantly be accessible in the GCash app inbox and will also be shown on the “Activity” button which has the transaction history.
Aside from migrating the transaction confirmation messages to the app inbox, GCash said it has been proactively putting in place various security measures to ensure customers’ safety and security.
To date, GCash was able to block 900,000 fraudulent accounts from January 2021 to March 2022 as well as helped arrest fraudsters.
