Scam texts got your name? These apps may have been the source.

Full names are now appearing on text spams raising concern among Filipinos. According to a National Privacy Commission official, names may have been manually or automatically scraped from certain apps.
Philstar.com/EC Toledo

MANILA, Philippines — “Madali lang kumita, magbukas ng account.”

Are spam messages like these flooding your inbox recently? Are you bothered that they sometimes contain your name?

Leandro Angelo Aguirre, deputy privacy commissioner of the National Privacy Commission, said Tuesday that our names may have been manually or automatically scraped by scammers from certain apps.

Aguirre told ABS-CBN’s TeleRadyo that their complaints and investigation division has seen a pattern in these targeted smishing attempts as they bear names of users of “popular payment applications, mobile wallet or messaging applications.”

“Most likely, what is happening is that data scraping, either manual or automated, is getting information coming from these different applications and this is what is being used to match the names in the texts being sent to our countrymen,” he said in Filipino.

Angel Redoble, PLDT and Smart’s first vice president and chief information security officer, said Wednesday on CNN Philippines’ “The Source” that their own investigation revealed two formats of names being used, one possibly from fintech app GCash and the other from messaging app Viber.

Aguirre and Redoble explained that names can be harvested from these apps. In GCash, for example, a user’s full name and the initial of their surname is shown when someone else is sending them money through the app. On Viber, a user’s name on the app is shown when someone tries to send them a message.

“It seems that the scammers are able to find a way to automate this process. As a result, they are able to harvest names with the format of GCash and names in the format of Viber in an automated manner,” Redoble said.

Rakuten, the company behind Viber, did not immediately respond to a request for comment, while Globe Telecom Inc., the parent firm of GCash, said it will issue a statement.

Who’s behind smishing?

But who could possibly be behind these text scams? The NPC itself is quite clueless for now.

“We haven’t identified that for now,” Aguirre said. “Based on what we’ve seen, these texts are not coming from data aggregators, meaning applications to our telephones. We’re seeing that these are phone-to-phone transmissions using regular networks of telcos.”

“It looks like they are using prepaid numbers that are subscribed to unlimited text promos,” he added.

For now, Redoble said PLDT and Smart have suggested a joint investigation with the NPC to finally get to the bottom of scam and spam texts that have plagued Filipinos and prompted a Senate panel to conduct an inquiry on these on Thursday.

Meanwhile, the NPC said telcos are exerting all efforts to block and quash spammers and scammers, who are also learning to outsmart countermeasures.

“Our telcos are implementing SMS fraud detection tools like spam filters, keyword filters, URL blocking, sender IDs, ID registration and whitelisting,” Aguirre said. 

“These are continuously being tweaked so that filtering becomes better at reducing if not completely eliminating spam texts. But let us understand that while they change their parameters, spammers also adapt. So we adjust. While that’s happening, we investigate.”

Show comments