Who’s leaking our personal info?
In November last year, the National Privacy Commission (NPC) summoned the data privacy officers of telecommunication companies to find ways to end a growing text scam victimizing Filipino consumers. Complaints mounted at that time about the thousands of text messages from random numbers offering nonexistent jobs to unsuspecting victims. Referred to as smishing, it is a cybersecurity attack carried out over mobile text messaging wherein victims are deceived into giving personal data that the perpetrators use to commit fraud, which usually is to steal money. A month later, 10 government agencies, led by the Cybercrime Investigation and Coordinating Center, created a technical working group against this fraud to intensify efforts to catch those behind the text spam epidemic.
It is now September and the problem seems to have turned for the worse, with the latest iteration of the racket specifically targetting potential victims as the text messages already contain their names. Supreme Court Justice Marvic Leonen last week highlighted the problem in a post on Twitter: “Unsolicited or scam text messages on our phones already contain our names. This means that there is a data provider out there that has leaked or sold or been careless about our information. This makes all of us now vulnerable. Very dangerous.” In response, NPC said it has started investigating the text scam reports and was working with the National Telecommunications Commission (NTC), the police anti-cybercrime group, and the major telcos to get to the bottom of the issue. NTC, for its part, directed Globe Telecom, Smart Communications, and Dito Telecommunity, to text blast their subscribers warning them against this new form of scam.
The feeling of helplessness among regulators is understandable. Personal information of millions of Filipinos is readily available on many social media and online selling platforms. The result is that personal data of unsuspecting individuals are being used to illegally tap into their bank accounts and siphon off their hard-earned money. A report by data analytics firm Fico last month showed that about 4.5 percent of adult Filipinos or five million individuals have claimed to have been victimized by identity theft. The report also noted that 6.7 million Filipinos believed their identity was used to open a financial account fraudulently.
The telcos are similarly hard-pressed to act on the growing public menace. While the NTC has directed them to “accelerate the process of blocking SIM (subscriber identity module) cards that are being utilized to perpetrate these fraudulent activities,” they can disable mobile numbers and delete malicious text messages usually only after receiving complaints. The magnitude of the problem is evident in the figures given by these companies. From January to July, Globe blocked 784 million scam and spam messages, deactivated 14,058 mobile numbers, and blacklisted 8,973 others linked to phishing during the same period. In just four days from June 11 to 14, Smart foiled more than 23 million texts linked to phishing sites, surging from only 600,000 scam texts from January to May.
Still, the gnawing question is: who is selling/leaking the numbers and personal information of users? Certainly, the telcos and digital companies keeping people’s data must know where to find these leaks in their systems.
Another immediate solution to resolving all these text scams is actually with Congress. It needs to swiftly act on bills mandating the registration of SIM cards. Early last July, Senators Grace Poe and Juan Miguel Zubiri refiled separate bills on this, but Poe’s measure requires SIM card registration for mobile devices and also for social media accounts. Then President Duterte vetoed last April the bill seeking to mandate the registration of all SIM cards specifically because it included social media accounts, which was not part of the original version of the bill and which needed “a more thorough study.” A similar bill was also refiled in the current House of Representatives by lawmakers led by Speaker Martin Romualdez, which pointed out that “having an unregulated SIM card market has given way to several mobile phone scams.”
Lawyer Rodel Taton, president of the Consumers Union of the Philippines, last week told the Inquirer that the scuttled SIM card registration law could have been a “good deterrent” to these text scams. “If there is (SIM card) registration, it is easier to track those whose purposes are entirely for the commission of harm, crime and such schemes,” he noted. Lawmakers should now act with dispatch in consolidating and passing the refiled bills on SIM card registration, minus the contentious social media provisions. While waiting for Congress to act, Filipinos have no recourse but to be on the lookout for potential hazardous texts. They are well advised to ignore messages from unknown senders and to not divulge any personal information. They also need to remember that if the message of a text is too good to be true, it most likely is a scam.
MORE EDITORIALS
