NPC links spam texts to global crime syndicate

NPC links spam texts to global crime syndicate

THE National Privacy Commission (NPC) on Tuesday said a global crime syndicate might be behind the recent Short Message Service (SMS)-based phishing attacks, or smishing.

Smishing attacks use text messages to trick mobile-phone users into visiting malicious websites.

“If our initial findings prove true, that personal data are being exploited by criminals abroad, then this also becomes a matter of national security,” Privacy Commissioner Raymund E. Liboro said in a statement.

Smart Communications, Inc., the wireless arm of PLDT, Inc., said it had observed a nearly three-fold increase in spam messages since June this year.

“While those blocked for phishing/scamming via SMS, e-mails, as reported by customers (banks) and through information we acquire via our threat intelligence operation, for the first 23 days of November alone, we have already hit a record number for any month this year, in terms mobile numbers blocked for phishing/scamming across all sources,” Smart said in a statement.

Smart blocked an average of 400 to 500 mobile numbers daily from Oct. 21 to Nov. 20. The numbers were linked to SMS hoax and spam.

The telco also blocked 40 domains and IP addresses used by online scammers, Smart noted.

On Monday, Globe Telecom, Inc. said that it deactivated 5,670 confirmed spam numbers and blocked nearly 71 million spam messages this year.

The NPC wants the country’s major telco operators, e-commerce platforms Lazada and Shopee, and some banks to report on their spam prevention measures.

“We have summoned them to detail their current and future measures to combat smishing,” Mr. Liboro said.

“Ultimately, we want to secure their commitment and focus in fighting these fraudulent practices so we can best strategize how to block these messages and protect our data subjects,” he added.

In October, the NPC said it had received reports of leaked contact tracing data, which resulted in phishing attacks via mobile phone texts.

The commission said the complaints linked the incidents to personal information given in contact tracing and health declaration forms.

But on Tuesday, the commission said: “The recent smishing activities are run by a global crime syndicate, not by a group that has gained unauthorized access to contact tracing forms, which was one of the first suspicions.”

Hastings Holdings, Inc., a unit of PLDT Beneficial Trust Fund subsidiary MediaQuest Holdings, Inc., has a majority stake in BusinessWorld through the Philippine Star Group, which it controls. — Arjay L. Balinbin