Following its own investigation, PLDT’s wireless unit Smart Communications issued a statement saying that there was no breach in their systems and that the scam messages are sent to individual SIMs.
“These messages do not originate from aggregators or their customers,” said Angel Redoble, FVP and chief information security officer of PLDT and Smart. “There is no evidence to suggest a breach in our systems that would have given perpetrators access to the mobile numbers and names of our subscribers. Upon scrutiny of these spam messages, we have observed that the format of the names mimics the naming conventions used in popular digital services.”
Smart is referring to the proliferation of scam messages that has been happening for months now. The difference to the latest messages is they include the recipient’s full name including middle initials. The messages also contain links telling users to click, which many believe will lead to phishing sites. Unsuspecting users who click on the link may end up providing personal information including bank details or credit card numbers and cybercriminals can easily either sell them on the dark web or gain access to anyone’s accounts.
PLDT, Smart block more than 23 million ‘smishing’ messages in three days
PLDT, Smart block almost 78,000 SIMs tied to ‘job offer’ scam
“Smart Communications, Inc. is committed to keeping its customers safe against fraud,” Smart said in a statement. “Smart has beefed up its cybersecurity infrastructure to protect the personal information of its customers and to prevent criminals from breaching its network.”
Smart has intensified its efforts against malicious text messages that aim to defraud customers. In addition to blocking SIMs that send “smishing” messages, Smart has also blocked Uniform Resource Locators (URL) linked to these illegal activities.
“We continue to work with the National Privacy Commission (NPC), the National Telecommunications Commission (NTC), and law enforcement agencies to assist in efforts to identify the perpetrators. At this early stage, and pending completion of investigations, we believe it prudent to hold off on any conclusion. Our focus should be on identifying the source of these scam messages,” said Leah Jimenez, FVP and chief data privacy officer of PLDT and Smart.