THE PLDT group was able to block millions of short message service (SMS)-based phishing attacks, or smishing, and is now working to address text scams sent through individual numbers, according to its chief information security officer.
“Dati ’yung text scams ay nanggagaling sa talagang sender IDs ng mga kumpanya at pinatay na natin ’yun two weeks ago (Before, text scams would come from the sender IDs of companies, and we’ve gotten rid of them two weeks ago),” PLDT, Inc. and Smart Communications, Inc. First Vice-President and Chief Information Security Officer Angel T. Redoble told BusinessWorld on June 17.
“Ang nakakalusot na lang ay nanggagaling sa peer-to-peer or individual numbers, kasi unang-una hindi naman natin binabasa ’yung SMS ng mga tao (Those that still get away with it are messages sent through peer-to-peer or individual numbers, because we don’t read people’s SMS),” he added.
He noted that the group is now in talks with vendors “to upgrade so that we can detect and prevent” text scams coming from individual numbers.
“We’ve already initiated coordination with the PNP (Philippine National Police) anti-cybercrime group para imbestigahan kung nakakabili sila ng SIM cards na bulto-bulto (to investigate if [some people] are able to buy SIM cards in bulk).”
PLDT and its wireless arm Smart said on Monday that they have increased efforts to prevent malicious messages from reaching their customers.
“From June 11 to 14 alone, PLDT and Smart have blocked more than 23 million SMS that contain three URLs identified as phishing sites,” the group said in an e-mailed statement.
The group defined smishing or SMS phishing as a form of “social engineering done through text messages that deceive customers into thinking that these messages were sent by legitimate organizations such as banks, recruitment agencies, tour operators and other companies.”
“These messages often contain links to websites that lure victims into revealing their personal information,” it noted.
More than 600,000 text messages linked to smishing, hoaxes, and spamming were blocked in the first five months of the year.
At the same time, the group said it had blocked nearly 78,000 SIMs, or removable smart cards for mobile phones, related to smishing from January to May.
“PLDT and Smart have blocked more than 500 domains specifically linked to smishing while the group has further blocked more than 10,000 domains tied to phishing.”
The group invested nearly P3 billion in cybersecurity infrastructure last year.
“We are constantly upgrading our tools to stay ahead of criminals. We continue to engage our partners both in the government and private sector to keep the group updated on the latest threats and how perpetrators run their modus,” Mr. Redoble said.
Hastings Holdings, Inc., a unit of PLDT Beneficial Trust Fund subsidiary MediaQuest Holdings, Inc., has a majority stake in BusinessWorld through the Philippine Star Group, which it controls. — Arjay L. Balinbin