SIM card registration prone to hacking, non-solution to spamming


MANILA – An additional weekly income of P2,000.

This was the promise contained in a text message that call center agent Rosalyn Ogana received just last month. The text asked for her name, age, and e-Wallet number.

“I was initially impressed because I was told I only need to share and post information regarding their products. It was a piece of happy news for me because it would be an additional income. I replied to the text immediately,” Ogana told Bulatlat in Filipino.

But Ogana became suspicious when she soon received a verification message from her e-Wallet regarding a new PIN. It then dawned on her that it was a scam. She checked her e-Wallet. Fortunately for Ogana, her money was still there.

What happened to Ogana was a possible phishing attack, which the UK-based National Cyber Security Centre defined as an attempt to trick users into downloading malware that may sabotage systems, or steal intellectual property and money.

In a Senate hearing last week, the National Telecommunications Commission (NTC) said that it managed to block only 800 messages this year. This is a far cry from the 784 million scam and spam messages that a major telecommunications company managed to block from January to July 2022.

“We are not satisfied that the NTC is merely issuing SMS alerts, urging the public to be cautious of these phishing scams. It is ineffective and downright lazy,” Kim Cantillas of the Computer Professionals Union said.

SIM card registration is not the answer

Like Ogana, Quezon City-based worker Irish Lalis said she receives spam messages at least every hour of the day, with one text saying that she needs to click a link to stop a scammer from accessing her mobile bank account.

“It is irritating to receive spam messages. I have to check my phone every time because it may be an important message, only to find out that it was spam. I autoblock these numbers,” she told Bulatlat.

Her cellphone, she said, is where important matters, including work and bank details, can be found.

During a Senate deliberation, Sen. JV Ejercito, who also received a scam message recently, said that he is supporting the proposed subscriber identity module (SIM) card registration to “greatly prevent scammers and pranksters from doing their modus operandi.”

Last week, the consolidated bill on the proposed SIM card registration measure was approved by the House of Representatives Committee on Information and Communications Technology. Former President Rodrigo Duterte vetoed this measure in April 2022.

But Ronald Gustillo, national campaigner of the digital safety advocacy group Digital Pinoys, said that the government may be risking the personal data of Filipinos due to possible hacking.

“If the government will consolidate all SIM card users’ data in one database, the government may be creating the holy grail of all databases,” said Gustillo in a Facebook post, adding that it could become “highly coveted” and enticing for hackers.

The Foundation for Media Alternatives, a non-government agency that has also been campaigning against the proposed SIM card registration, has long said that this measure “is a boon for law enforcement” and that “criminals are able to circumvent this type of regulation.”

The group said that it is going to be a logistical nightmare and has warned of its potential use for surveillance.

“Logistical difficulties, financial costs, and the privacy risks connected with the registration process will inevitably affect people’s purchase and use of SIM cards. This could potentially lead to some sectors or populations getting disincentivized or discriminated upon as a consequence,” the FMA said in a 2018 paper.

What is PH gov’t doing?

Cantillas said that the Philippine government should investigate both those behind the sending of text messages and those possibly selling the information of mobile users.

“The NPC (National Privacy Commission) should look into the data and privacy policy of companies, organizations, and apps. There are many businesses that require users’ data even if these are not necessary to the services they are providing. That should be prohibited per the DPA (Data Privacy Act),” Cantillas said.

Cantillas also urged the public to be more vigilant as phishing attacks continue. “If it looks too good to be true, it must be too good to be true.”

Meanwhile, as Ogana was being interviewed by Bulatlat, she received another text message. She was offered a job and she immediately blocked it, worrying that, with her bank account tied to her mobile number, her money may disappear in an instant. “I am calling on the government to look into this situation that appears to be worsening. The government should immediately act on it.” (JJE, DAA)
