THE National Privacy Commission (NPC) ordered 58 local government units (LGUs) this month to comply with the privacy laws in their enforcement of contact tracing efforts amid the recent reports of “smishing” attacks.
In a briefing over the weekend, Privacy Commissioner Raymund E. Liboro said the agency sent compliance letters to said LGUs, identifying the gaps they need to address.
Last month, NPC also did the same for 79 LGUs.
Liboro said they received reports and complaints from the public regarding the handling of personal data shared in contact tracing. Among these pieces of information include name, contact number and address.
Apart from LGUs, Liboro said the NPC also reached out to restaurants, drug stores, supermarkets and other establishments to remind them of their responsibilities relating to contact tracing.
“Ang layon natin dito, pagtiwalaan ng ating mga mamamayan ’yung contact tracing effort na sinasagawa ng ating pamahalaan upang labanan itong Covid,” [Our goal is to instill trust in the public that contact tracing is being done to curb the spread of Covid-19],” he said.
His statements came after NPC received reports that unsolicited SMS (short message service) messages were sent to mobile users, alleging their contact information were lifted from the contact tracing and health declaration forms.
This is a phishing attack called “smishing” whereby fraudsters send mobile text messages to victims, tricking them into clicking malicious web sites.
“The contents of these unsolicited messages reportedly include links that redirect to legitimate looking but fraudulent sites when clicked,” the NPC said. “These sites may steal users’ personal data, introduce mobile malware, and even commit fraud.”
The privacy watchdog noted that “smishing” can also be present in online shopping or delivery, sending a shortened link that leads to websites asking victims to provide their personal and banking information to complete the transaction.
As such, the commission told the public to be more vigilant of the cybersecurity attacks.
“One of the best ways users can arm themselves against ‘smishing’ attacks is to be aware of this kind of manipulation. Scrutinize the text messages you receive, especially if they come from an unknown number and request information about you,” Liboro advised.
Earlier reports noted that the accelerated shift to the digital platforms also fueled the surge in cyber-attacks usually for financial gain on the part of the perpetrators.