Text blasts to blame for spam messages
The National Privacy Commission said the wave of targeted smishing messages received by most citizens today, containing the subscriber’s name, are not coming from data aggregators but done via phone to phones or more commonly known as text blasts.
During a public webinar on Wednesday, NPC deputy commissioner Leandro Angelo Aguirre said based on their initial probe, aggregators are unlikely to be the source of the text messages being received by mobile phone owners in the past months.
A data aggregator is an organization that collects data from one or more sources, provides some value-added processing, and repackages the result in a usable form. Sometimes, the data comes directly to the client through a sales or licensing agreement, although frequently data aggregators will act as an agent to enhance the clients’ data.
“The NPC, through its Complaints and Investigation Division, has observed from the smishing reports it received, that the smishing messages appear to have been sent using specific mobile numbers registered to certain texting services. As confirmed with the telecommunications companies, smishing messages which are sent using mobile numbers are possible through a phone-to-phone transmission,” according to Aguirre.
He said such transmission is usually coursed through a telecommunication company’s regular network and does not pass-through data aggregators.
“Contrary to a P2P transmission, data aggregators use an application-to-phone transmission. The messages received through this transmission will not appear to have come from specific mobile numbers, instead, they will come from a sender that has SMS ID (i.e., bank names, organization names, etc.) which identifies the data aggregator, or the brand or business name using the data aggregator’s services,” Aguirre explained.
Despite this, Aguirre said the NPC has been continuously investigating potential sources and root causes of targeted smishing messages such as patterns in the use of name formats that prospectively match the names of data subjects registered with popular payment applications, mobile wallets, and messaging applications.
He maintained the NPC is working closely with telecommunications companies in formulating countermeasures against the recent wave of targeted smishing messages.
“As a concrete course of action, telecommunication companies have blocked identified mobile numbers that sent smishing messages and are continuously blocking messages with malicious URL links associated with smishing,” he said.
Moreover, he said the NPC will pursue its investigation to its full extent and within the bounds of its mandate to protect the fundamental human right to privacy.
“Through relevant issuances, the Commission will be compelling entities involved to take firm action in addressing the possible privacy risk brought about by targeted smishing messages. The NPC further reminds the public to remain vigilant. They are encouraged to report incidents of targeted smishing through the NPC email, [email protected], or through its social media pages,” according to Aguirre.
Telecom giants PLDT-Smart and Globe earlier said they are escalating their efforts to curb text scams.
Globe, in a statement on Tuesday, said they already spent $20 million or roughly P1.1 billion to boost its competencies in detecting and blocking scam and spam messages from international and domestic sources, including app-to-person and person-to-person SMS.
It has already blocked about 784 million scam and spam messages, deactivated 14,058 scam-linked SIMs, and blacklisted 8,973 others, according to Globe.
Meanwhile, PLDT-Smart said in a separate statement that its parent telco PLDT invested nearly P3 billion last year to safeguard the public against emerging cyber threats and vulnerabilities and jammed roughly 11 billion attempts to open links associated with spam messages from January to August 2022.
Read more Daily Tribune stories at: https://tribune.net.ph/
Follow us on social media