AN organized global syndicate is behind the recent spate of spam text messages offering fake and “too good to be true” job opportunities amid the pandemic, the National Privacy Commission (NPC) said on Tuesday.
At the Laging Handa briefing, Privacy Commissioner Raymund Liboro said these messages are just tricking the public into giving out personal information, including their bank account details.
“If our initial findings prove true, that personal data is being exploited by criminals abroad, then this also becomes a matter of national security, which should compel government, the private sector and advocate groups to work hand in hand and take more urgent and concrete action to safeguard,” he said in a separate news statement.
He explained that the scammers’ modus operandi involves the offering of jobs to promote products online. The catch is: the targeted victims must pay initially a fee before getting their commission afterwards, Liboro said.
The NPC chief said that victims would only realize later that they have deposited a significant amount of money already to the bank account of the scammers, who will suddenly disappear with all the money.
Other messages offer passive income opportunities and high-paying jobs, he added.
Liboro advised the public to block the sender and delete the messages. In addition, he said the public must be vigilant when providing consent of access to their personal information as it can be illegally processed.
“If from an unknown number, and with an offer that is too good to be true, it is most probably not true and is a scam,” Liboro said.
He explained that the scammers likely have a database of cellular phone numbers from previous hacking. As such, Liboro said, the NPC is scouring through the dark web if there are illicit sales of the private information.
In relation to this, Liboro said, there is no established direct link yet that the cellular phone numbers were obtained from the contact tracing forms. But he told those managing them to keep the information safe for the protection of the public against scammers.
NPC, to recall, ordered 58 local government units (LGUs) last month to comply with the privacy laws in their enforcement of contact tracing efforts amid the recent reports of smishing attacks.
Liboro said earlier they received reports and complaints from the public regarding the handling of personal data shared in contact tracing. Among these pieces of information include name, contact number and address.
The privacy commissioner said it was important to warn the public about these scams, especially at a time of accelerated digital adoption in shopping, banking and education, among others.
He also reminded that entities guilty of illegal processing of personal data may be punished with up to 6 years of imprisonment and a fine of up to P500,000.
Working together
NPC said it has summoned the data protection officers of telecommunication firms, e-commerce platforms and banks to address the matter. These include Globe Telecom, Smart Communications, Dito Telecommunity, Lazada and Shopee.
The privacy watchdog has asked them to report on their spam prevention measures, in addition to their initiatives in countering the surge of scam messages.
“We have summoned them to detail their current and future measures to combat smishing. Ultimately, we want to secure their commitment and focus in fighting these fraudulent practices so we can best strategize how to block these messages and protect our data subjects,” Liboro said.
The NPC aims to discuss potential coordination with the industry players in the matters relating to “exchanging [of] crucial information to prevent the unlawful collection and misuse of personal data.”
“We hope to find areas where the NPC and these industry players can establish a more proactive approach in fighting smishing and other scams, moving forward,” Liboro said.
Liboro said that NPC would keep monitoring the situation. He also urged the victims to file a report, especially if they believe their personal data was hacked.