MANILA, Philippines — Data aggregators “are unlikely to be the source of the recent wave of targeted smishing messages” that include the name of recipients, the National Privacy Commission (NPC) said Wednesday, citing its initial investigation.
NPC Deputy Commissioner Leandro Angelo Aguirre said that the sham texts appear to have been sent using specific mobile numbers. This means that the scammers used phone-to-phone transmission to distribute the messages, he noted.
Smishing happens when fraudsters send messages to mobile phones and trick recipients into sending money or giving their personal and sensitive information to the message sender.
“The result of the initial investigations of the NPC shows that the data aggregators are unlikely to be the source of the recent wave of targeted smishing messages that specify the recipient’s names,” Aguirre said in a briefing Wednesday.
“As confirmed with the telecommunications companies, smishing messages which are sent using mobile phones are possible through a phone-to-phone transmission. Such transmission is usually coursed through a telecommunication company’s regular network but does not pass through data aggregators,” he added.
Data aggregators are usually third-party organizations that companies tap to disseminate their advisories and marketing offers.
Aguirre explained that, in contrast to phone-to-phone transmission, data aggregators use application-to-phone transmission.
“The messages received through this transmission will not appear to have come from specific mobile numbers,” Aguirre said.
“Instead, it will come from a sender that has SMS ID – that is blank names, organization names, and etcetera – which identifies the data aggregator or the brand or business name using the data aggregator services,” he added.
The NPC said it will continue to investigate the potential sources and root cause of the targeted smishing messages, such as patterns in the use of name formats that prospectively match the names of data subjects registered with popular payment applications, mobile wallets, and messaging applications.
“The NPC shall pursue its investigation to its full extent and within the bounds of its mandate to protect the fundamental human right of privacy,” Aguirre said.
“Through relevant issuances, the commission will be compelling entities involved to take firm action in addressing the possible privacy risk brought about by the targeted smishing messages,” he added.
Aguirre said telecommunication companies are also blocking identified mobile numbers that send smishing messages and are continuously blocking messages with malicious links associated with smishing.