Explainer: How hackers are parading as legitimate telcos, companies

Artist's rendition of a hacker.
Image by Thomas from Pixabay

MANILA, Philippines (Updated 3:16 p.m.) — Have you ever received a text from your bank asking you to click on a link? The caller ID may seem legitimate, but think twice before clicking — you could be getting scammed.

As the Philippine government clears out physical scamming hubs, hackers have resorted to “guerilla tactics,” Department of Information and Communications Technology (DICT) Ivan Uy said. 

The DICT official affirmed that hackers have been a constant headache, as the technology that they use is rapidly evolving. 

Hackers used to rely on telecom networks to do scams, so when people used to get scam texts, they knew that they were getting it from an unknown caller. But now, people are getting texts from caller IDs bearing the name of their banks or other businesses. 

It is described as “drive-by hacking” — scammers would take their equipment and park their cars outside of crowded areas such as malls.

“Most of these equipment are actually smuggled in because they are illegal,” Uy said. 

Some of these equipment were used by politicians in past election cycles in order to blast texts to prospective voters. 

The text hijacking equipment allows them to misdirect cellphones to think that their machines are legitimate telco sites, capturing the numbers. 

“Once they capture all those numbers, they now do a text blast to those numbers and they can put anything on their [caller ID]. They can put a bank’s name, a telcos name, a credit card’s name on that text making you believe that you actually are receiving a text from that,” Uy said. 

Authorities have to physically go after these hackers. Uy said that it was a “cat and mouse thing.” 

The government would have to deploy assets to capture and intercept them. Uy said that they have already apprehended a handful of hackers. 

The DICT is still analyzing the equipment confiscated from hackers to determine how to adapt to it. Uy said the department is currently working with telco providers and the National Telecommunications Commission to develop a specific solution for this mode of hacking.

How about the SIM Registration Act? 

The contentious SIM registration Act sought to put an end to text scams. However, questions have been raised about the effectiveness of this new mode of hacking, which eliminates the need for an individual SIM card.

Asked if the law was still practical, Uy said it worked at first. However, scammers moved fast, shifting to other advanced means. 

“They shifted to other methods and in these methods that they are using now they do not need SIM, they operate on what we call over the top services like Telegram, Viber or Messenger, which do not require a SIM card. So some of them are using those methodologies,” he said. 

While the SIM Registration Act’s effectiveness against scamming has been questioned, introducing another one is not on top of the DICT’s to-do list. 

The first solution would be to tackle the issue on an operational level, since the legislative process takes time.

The evolution of scammers and their means would easily outpace the law. 

“What we are actually working on with congress is to amend the cybercrime law in order to have a more encompassing approach. Like in other countries, what they have legislated is a law against online harm,” he said. 

Uy said the law could add provisions against “online harm,” which can address issues such as cybercrime, scamming, hacking and more.

“As you conduct activities that will cause harm to others online, then it is covered by that law,” he said.

Show comments