The National Telecommunications Commission (NTC) has directed the country’s three mobile operators to block domains or links sent via text messages.
In a September 12 memorandum signed by NTC Commissioner Gamaliel Cordoba, the agency ordered Dito Telecommunity Corp., Globe Telecom Inc. and PLDT Inc. unit Smart Communications Inc. to deactivate clickable person-to-person URLs or uniform source locators in text messages.
“Telcos are hereby ordered to block or deactivate domains or Uniform Resource Locators (URLs), TinyURLs, Smart Links and/or QR Codes emanating from malicious sites based on existing database culled from government agencies such as the NTC, National Privacy Commission(NPC), Department of Trade and Industry, law enforcement agencies, subscriber reports and those generated from machine learning or artificial intelligence,” the NTC memorandum read.
The telcos were also asked to submit a written report of compliance to the Office of the Commissioner on or before September 16.
The directive is in line with government initiatives to address the proliferation of the new variant of text scam that includes the name of the recipient.
Edgardo Cabarios, NTC consultant, told reporters in an interview on the sidelines of PLDT’s inauguration of its newly built Integrated Operations Center the NTC has been pushing for the passage of the subscriber identity module or SIM Card Registration Act to address the problem on text scam and spam messages which are likely being sent to around one million subscribers daily.
Based on the NPC’s initial investigation released last week, the data aggregators are unlikely to be the source of the recent wave of targeted smishing messages that specify the recipient’s name.
The NPC, through its Complaints and Investigation Division, observed from the smishing reports it received that the smishing messages appear to have been sent using specific mobile numbers registered to certain texting services.
As confirmed with the telecommunications companies, smishing messages which are sent using mobile numbers are possible through a phone-to-phone transmission. Such transmission is usually coursed through a telco’s regular network and does not pass through data aggregators.
NPC said it is continuously investigating potential sources and root cause of targeted smishing messages, such as patterns in the use of name formats that prospectively match the names of data subjects registered with popular payment applications, mobile wallets and messaging applications.
PLDT, Globe and DITO yesterday assured compliance to the NTC directive.
“Smart has been conducting such efforts in the past which has led to 342 million ‘smishing’ messages blocked as of August,” said Roy Ibay, Smart Communications vice president and head of regulatory affairs.
Globe said it has long been blocking spam and scam text messages including those containing malicious URLs or links as part of its ongoing effort to filter out dangerous SMS to protect our customers.
“We will coordinate closely with the NTC to come up with new solutions to further protect customers against online fraud.
We reiterate our call on all stakeholders to heighten vigilance and take proactive steps to support industry efforts against escalating threats.” Globe said in a statement.
Adel Tamano, Dito chief administrative officer, said the company supports the initiative of the NTC to protect the public from phishing, smishing, quishing, and other forms of illegal activities.
On recent reports of personalized message scams, Rakuten Viber said in a statement it has conducted a thorough internal investigation and assured its users that there is no breach of data within the app.
“Viber always prioritizes the safety and security of our users, and the Philippines is one of our top priority countries — we will continue to invest any resources needed to support our users. We are extending our willingness to cooperate with authorities to ensure the urgent resolution of this issue,” the company said in a statement on Monday.