Globe Telecom Inc. said it is working with the government to stop the importation of spoofing devices that are being used for spoofing or for sending scam messages.
In a statement, Froilan Castelo, Globe general counsel, said fraudsters send malicious texts to subscriber identity modules (SIM) in a particular area in the guise of legitimate sender IDs using devices called the international mobile subscriber identity (IMSI) catcher.
These portable devices are imported either in full or in parts for assembly, then used for illegal activities.
IMSI catchers can be carried around on foot or inside vehicles to target SIMs in a certain area and force signals to downgrade to 2G, the old cellular network technology for voice calls and texts.
Fraudsters are able to send malicious texts to phones connected to their fake cell tower, appearing to be legitimate.
“We are working with the government to prevent the importation and use of IMSI catchers, which are the primary tools enabling these security breaches. We need more robust enforcement of the law concerning spoofing and the proliferation of this illegal equipment,” Castelo said.
He said fraudsters impersonate legitimate and trusted sender IDs, making it difficult for mobile users to detect they are being duped.
“SMS (short messaging system) spoofing is already criminalized under the Cybercrime Prevention Act. We are actively coordinating with law enforcement agencies to ensure the arrest of these spoofers,” Castelo said.
Globe has tightened the noose on scam and spam SMS through stricter blocking, including filtering out all person-to-person SMS with links and enforcing stringent regulations on app-to-person SMS with URLs.
Globe has also stopped using clickable links in its official customer advisories to help mobile users more easily distinguish between legitimate and spoofed SMS.
Meanwhile, Smart Communications Inc. yesterday warned customers to double-check links that are included in unsolicited SMS, even those supposedly coming from the network itself.
Smart reminded its customers that its legitimate domain is https://www.smart.com.ph and any other iteration is fake. Smart also reiterated that its official domain ends with “.com.ph”.
“We remind our customers to carefully inspect URLs before opening them. Criminals often use spellings very close to legitimate domains to deceive customers into thinking they’re opening official websites,” said Cathy Yang, PLDT Inc. and Smart group head of corporate communications.
Smart said it has recently denied owning the domain “smart-com-ph” that was used in the fake rewards text scam. Scammers used the fake domain to lead the victims to a fake site mimicking the Smart website, stealing the victims’ sensitive information.
Smart has since blocked the phishing domain, along with similarly crafted domain names, from its network.
