In the Philippines, text scams have proliferated in the past couple of weeks and took a turn for the worse when scammers started using the names of their intended victims. There has been chatter that a breach is to blame, but that is not the case.
According to the National Privacy Commission, cybercriminals have been scrapping or harvesting popular apps GCash and Viber for names to be used on scam messages. In those apps, you can actually get the full name of SIM owners by just typing in a mobile number. On GCash, the full name of the recipient appears when you type in a mobile number. The same can be said of Viber, which shows the name of a recipient when you try to send a message to a mobile number.
Both Smart and GCash have reiterated that their systems are secure and that was no breach. The latter also took the extra step of no longer showing the full name of the recipient.
It was also discovered that fraudulent messages are being sent from individual SIM cards, mostly from Smart Prepaid numbers. This is often the case because of the service’s affordable unlimited text promos, which enable perpetrators from sending to as many numbers as possible.
Smart is working with the PNP-ACG and the NBI Cybercrime Division to find out the source of the scam texts. Angel Redoble, FVP and Chief Information Security Officer at PLDT and Smart, reiterated the need for the proposed SIM card registration bill.
“The proposed measure will significantly impact the operations of criminals. Already, they’re finding it more expensive to run their modus using prepaid SIMs because of our blocking efforts,” added Redoble.
It goes without saying if you receive a text message with your name with job offers that are too good to be true, do not open suspicious links within the message.