Philippine text scams: Customer names 'harvested', SMS with receivers' names trigger probes

“We believe that the recent ‘smishing’ attacks are being perpetrated by local operators," PLDT Inc. Chief Information Security Officer Angel Redoble said in a media statement on Tuesday.

Names harvested: PLDT

Incumbent operator Philippine Long Distance Telephone Co (PLDT), said it had teamed up with police and government investigators to track down the people behind the scams.

The company suspects an electronic wallet, a messaging platform and mobile loan applications may have been used to harvest names.

Globe: measures taken

Globe Telecom Inc. said in a separate statement that it has stringent measures in place to bar third-party breaches and guard against scammers. The nation's privacy body said last week that it's also investigating the unsolicited text messages.

Philippines: 5,000% rise in digital payments

Digital payments have risen 5,000% in the the Philippines due to the pandemic, accounting for almost a third of retail transactions even as monetary authorities aims to get half of the nation's retail payments done digitally by end-2023.

Unregistered SIM cards have become the scourge of online trade in the Philippines, through scams driven by the anonymity of mobile phone numbers. But it's just one of the enablers of financial fraud in the Asian country. A law requiring subscribers to register their phone SIM cards has repeatedly failed to pass the legislative chambers.

Between 2019 to 2021, Filipinos have lost an estimated 2 billion pesos (about $40 million) to online fraudsters, according to a senior Philippine central bank official.

Bangko Sentral ng Pilipinas (BSP) Governor Benjamin Diokno said the shift to digital payments and online banking amid the pandemic saw a spike in cybercriminal activity.

The data came from consumer complaints noted by the BSP in the last two years from 2019 to 2021 — which shows financial transactions valued at Php 2 billion involved in scams, hacking and phishing attacks, said Diokno. The Philippine central bank has been cracking the whip against fraud, money laundering, but a new legislation is being considered in the Senate to better protect consumers of financial services.

2,324% surge in hacking, malware attacks

In 2020, hacking and other malware attacks surged by a whopping 2,324% from the previous year, while phishing and other social engineering schemes increased 302% from 2019. Over the same period, account takeover or identity theft rose 2.5%. 

A proposed financial consumer protection act was heard in the Senate last year, but the legislative mill in the Philippines can be painfully slow.

Not just hackers

In addition to reports of bank transaction fraud, the Bangko Sentral ng Pilipinas (BSP) also heard consumer complaints involving insurance players, as wells “hundreds” of investment scams reported to the Securities and Exchange Commission (SEC) in 2019 and 2020.

42,456 complaints

A dramatic rise in digital financial transactions posed graver risks, the central bank said. As COVID-related mobility curbs were imposed, the BSP logged 42,456 complaints from consumers in fraudulent financial transactions from 2020 and 2021.

Monetary regulators pressed for legislation to better protect consumers from online fraud. While a majority of these cases have been deemed closed through a difficult and long process, and for many complaints the resolutions were unfavourable to the consumer.

In 2021, complaints related to the use of internet banking and mobile banking account for 45.2% of the total complaints. Hackers and scammers took advantage of the digital infrastructure and consumer vulnerability to perpetrate crime.

Based on BSP data, the increased use by the public of digital financial services has given rise to a wave of cyber and financial crimes, a central bank official told the Philippine Senate in a previous investigation.

Hacking incidents

On December 12 2021, central bank said they were looking into complaints that some clients of BDO Unibank, the Philippines’ biggest lender, lost money to online fraudsters that involved the use of Union Bank of the Philippines (UBP) accounts.

Financial consumer protection bill

The cases could be resolved quickly once the financial consumer protection act is in place. This act will empower financial regulators such as the BSP, the Insurance Commission, the SEC and the Cooperative Development Authority (CDA) to expedite the adjudication of reasonable monetary claims more efficiently, fairly and openly, all to the benefit of the consumers.

In the proposed legislation, financial regulators will be empowered to sanction business practices and entities that pose grave and irreparable injury to financial consumers. The bill, if passed to become a law, will not only help curb risks from financial fraud and cybercrime but also keep consumer confidence in the financial system.

SIM Card Registration Act in the anvil

On December 16, 2021, the Senate passed on third and final reading Senate Bill (SB) 2395 that will require the registration of subscriber identification module (SIM) cards.

Known as the SIM Card Registration Act, it seeks to curb criminal activities aided by mobile phone, internet, or other electronic communication devices, such as terrorism, text scams, unsolicited indecent or obscene messages, bank fraud, and disinformation.

The bill has to be "harmonised" with the version passed by the House of Representatives. Elections were held in May 2022. The measure requiring the registration of all post-paid and pre-paid mobile phone SIM cards hurdled committee level at the House of Representatives on September 5, 2022.

The bill was swiftly approved due to House Rule 10, Section 48, which authorizes the committees of the House of Representatives to dispose of priority measures already filed and approved on the third reading in the immediately preceding Congress.