The Need for Better Cybersecurity and Data Privacy Protection

In light of the pandemic and the deeper integration of smartphones into society, smishing and online scams have been more prevalent than ever. With the pandemic and our increased use of mobile applications and contact, tracing has led citizens to be more digitally exposed.

The increase in incidents relating to even personalized scam messages containing names of mobile number owners has raised concerns to the level of the Senate. In the hearing, telecommunications giants, Globe and PLDT have said they already blocked more than one billion scams and assured customers that there were no security breaches on their end.

Deputy Privacy Commissioner of the National Privacy Commission, Leandro Angelo Aguirre, has said that names may have possibly been automatically or manually scraped by malicious actors from apps. Notably, patterns in these scam attempts contain names of those using “popular payment applications, mobile wallet or messaging applications.”

“Most likely, what is happening is that data scraping, either manual or automated, is getting information coming from these different applications and this is what is being used to match the names in the texts being sent to our countrymen,” specifically Viber and Gcash.

“It seems that the scammers are able to find a way to automate this process. As a result, they are able to harvest names with the format of GCash and names in the format of Viber in an automated manner,” said Angel Redoble, PLDT and Smart’s first Vice President and Chief Information Security Officer.

Since then Gcash has changed its feature and now hides the names of the users, revealing only the first and last letters of the names.

Despite this, it is still not enough. Smishing is still happening despite the probings and the reassurances from telecommunication giants in the Philippines.

These attempts and the rise in the number of incidents reveal holes in the cyber security and the data privacy protection of not only telecommunication companies but possibly other companies that contain our data.

Companies holding this precious data should do a thorough review of their current systems in place instead of waiting for scammers and bad agents to take advantage of these weaknesses.

Sources: Reuters, Philstar, Bloomberg