The National Privacy Commission (NPC) is investigating a probable personal data breach involving unlawful transactions…
‘Unlikely’ to be the source of specific text frauds are data aggregators: NPC
Data aggregators, or businesses that gather data for commercial purposes, were not likely to be the cause of the current rash of text scams containing recipients’ names, according to a finding made on Wednesday by the National Privacy Commission (NPC).
The NPC noted in a statement that these “smishing” or SMS phishing messages appear to have been sent using cell phone numbers registered to text services, according to the Complaints and Investigation Division (CID) of the NPC.
It stated: “Smishing messages transmitted via mobile numbers are conceivable through a phone-to-phone (P2P) transfer, as validated with the telecommunications operators (telcos).”
This approach, it was said, bypasses data aggregators, which employ application-phone transfer and use the standard telco network.
“The messages received through this transmission will not appear to have come from particular mobile numbers, but rather from a sender that has SMS ID (i.e., bank names, organization names, etc.), which identifies the data aggregator, or the brand or business name using the data aggregator’s services,” it said.
The NPC is looking into patterns in the use of name forms that correspond to the names of people registered with payment applications (apps), mobile wallets, and messaging apps as part of its ongoing investigation for potential sources and the underlying reason for these targeted smishing messages.
Additionally, the NPC said it was actively collaborating with telecommunications firms to develop defenses against the most recent wave of targeted smishing messages.
Telcos also keep blocking cellphone numbers from sending malicious URLs and smishing messages.
“Within the constraints of its responsibility to preserve the fundamental human right to privacy, the NPC shall pursue its investigation to the fullest extent possible. The Commission will oblige parties to act forcefully to address the potential privacy danger posed by targeted smishing communications through the appropriate issuances, it said.
The public was urged to be on the lookout for unusual text messages and to report incidences of targeted smishing using the NPC’s social media channels or email at firstname.lastname@example.org.
We appreciate your reading. You may also consider sharing it with others.
Please comment below if you found this post interesting.
Be one of our DONOR / SPONSOR to support NextGenDay news website.