The National Privacy Commission said Thursday the public should expect fewer SMS spam in the coming days, as the country's telecommunications providers were ordered to ramp up efforts to fight cybercrime.
“It has been reduced. We ordered the telcos to intensify their anti-spam campaigns,” NPC Commissioner Raymund Liboro told Teleradyo.
Regulators earlier asked telcos to use their SMS blasting capabilities to warn users against clicking the link contained in spam messages.
If they click, they will be led to phishing sites where they will be asked to invest their own money before receiving promised commissions stated in the SMS job offer, Liboro said.
At the same time, the Commission on Human Rights lauded the National Privacy Commission for securing the commitment, cooperation, and efforts of banks, telecommunication companies and e-commerce platforms to fight current and future smishing.
“It is crucial for the government and private sector to work together to protect the privacy and data of individuals amid the surge of spam text messages that are flooding many people's SMS or short message service inbox,” spokesperson Jacqueline Ann de Guia said.
Smishing — phishing but in SMS form —lures people into opening a malicious link that can result into a serious data breach. It includes access to the data subject's login credentials, bank details and other sensitive information.
Globe Telecom and Smart Communications Inc. said they have been blocking numbers, messages and IP addresses linked to illegal activities.
Liboro said investigations led the NPC to believe that a global organized syndicate could be behind the scam, adding the agency was also looking at data aggregators that could have been used by cybercriminals for spam.
Meanwhile, a congressional leader filed a resolution urging government agencies to take immediate legal action to stop the alleged misuse of contact information in the wake of a spike in spam text messages and online scams.
Assistant Majority Leader and Quezon City Rep. Alfred Vargas said if left unchecked, these schemes can be used as tools to spread disinformation and fake news during the elections.
“As we enter the campaign period, urgent steps should be taken to ensure that these schemes are not weaponized into tools to spread fake news and disinformation. Our right to suffrage and the integrity of our elections may become casualties if the concerned agencies fail to act,” he said.
In House Resolution 2378, Vargas said the Department of Information and Communications Technology, the National Telecommunications Commission, and the National Privacy Commission should conduct a thorough investigation.
“Speculations from consumers that their phone numbers might have been sourced from contact-tracing forms, indicating a breach of privacy, have surfaced and must be addressed diligently and immediately,” he said in his resolution.
As this developed, the NPC received an initial breach notification report on November 15, 2021, 4:47 PM, from S&R Membership Shopping in relation to a cyber-attack that may have compromised its members’ contact information.
The S&R said that it discovered the security incident last November 14, 2021, confirming that the subject of the ransomware attack was the S&R membership system affecting twenty-two thousand (22,000) data subjects, the NPC said in a statement.
According to the report, the following personal data were compromised: date of birth, contact number and gender.