In the recent weeks, there have been a surge of SMS inviting people to apply for various types of jobs. The messages have call to action, which is to click the link to proceed.
Many people have speculated that their numbers used in contact tracing apps were either breached, scraped, or merely given away. The surge in spam or scam messages coincided with the increase in use of contact tracing apps when the government eased the COVID-19 restrictions and many establishments have opened their businesses.
The National Privacy Commission (NPC), the Philippines data privacy watchdog, last week said that it was looking into the reports but that there was “no sufficient information, at this time, to attribute or link the growing concerns on unsolicited SMS to scraping or breach of contact tracing forms/apps.”
NPC also said initially that they are conducting “privacy sweeps” or compliance check “with respect to its obligation under the DPA, and its related issuances based on publicly available or accessible information, such as, but not limited to, websites, mobile applications, raffle coupons, brochures, and privacy notices.”
Today, NPC said it summoned telecommunications companies, banks, and e-commerce platforms but not the developers of contact tracing apps.
“We have summoned them to detail their current and future measures to combat smishing,” said Privacy Commissioner Raymund Liboro.
The NPC also said that per its initial investigations, the smishing (form of phishing that uses mobile phones as the attack platform) activities are run by a “global crime syndicate, not by a group that has gained unauthorized access to contact tracing forms, which was one of the first suspicions.”
“If our initial findings prove true, that personal data is being exploited by criminals abroad, then this also becomes a matter of national security, which should compel government, the private sector, and advocacy groups to work hand in hand and take more urgent and concrete action to safeguard,” Liboro said.
The meeting with industry players, according to the NPC is to “discuss potential coordination in exchanging crucial information to prevent the unlawful collection and misuse of personal data.”
“We hope to find areas where the NPC and these industry players can establish a more proactive approach in fighting smishing and other scams, moving forward,” Liboro said.