A cybersecurity experts yesterday warned that as the deadline for the registration of subscriber identification module (SIM) approaches, the risk of phishing attacks intensifies.
In a statement, Palo Alto Networks also said the increasing number of unregistered SIM cards exposes users to potential deactivation of their mobile services, disrupting their communication capabilities.
Citing data from the Department of Information and Communications Technology (DICT), Palo Alto said only 60.75 percent of the total 168 million SIM cards have been registered so far, leaving over 40 percent of Filipinos at risk of deactivation and social engineering tactics such as phishing.
It said scammers are taking advantage of the situation, employing SMS messages to lure users into sharing personal information via bogus registration links, posing a persistent and dangerous threat.
The DICT earlier said there will be no further extension of the July 25 deadline set by the national government.
In a typical phishing attack, Palo Alto said scammers will send fraudulent messages claiming to be from legitimate sources, like telecommunications companies, urging recipients to register their SIM cards by clicking on a link provided. Unsuspecting users, driven by fear of deactivation, may fall into the trap and unwittingly share their personal details, enabling cybercriminals to gain control over their accounts and exploit them for financial gain.
“Phishing attacks will persist as the SIM card registration deadline draws nearer.
Cybercriminals’ primary goal is to seize control of your number and exploit your OTPs (one-time passwords) to steal your money,” said Steven Scheurmann, regional vice president for Asean at Palo Alto Networks.
Palo Alto has advocated for mobile users to adopt Zero Trust principle by being vigilant whenever one needs to share sensitive information.
Palo Alto reiterated that mobile users should exercise caution when presented with unknown links, research and use official SIM registration procedure and use multi-factor authentication as an extra layer of security.
