MANILA - The National Privacy Commission will meet with the Philippine National Police and the National Bureau of Investigation this week as part of its probe into "personalized text scams."

This comes days after the privacy watchdog met with telco officials and the National Telecommunications Commission over the issue.

• Senate to investigate 'personalized' text scams

The latest smishing attacks, or SMS messages designed to dupe victims into giving up personal information, contain the victims’ full names.

NPC Public Information and Assistance Division Chief Roren Marie Chin said they will also be meeting with messaging apps, banks, e-wallet, and e-money issuer companies as part of the probe.

Chin noted that while they have not ruled out the possibility of a data breach, they are looking into the possibility that scammers are using an automated scraping and harvesting process to gather names and numbers.

"Nagkaroon na ng paguusap between sa mga messaging app and online payment app sa aming investigation division. So magkakaroon pa rin ulit ngayong linggo na ito.”

(There was already a meeting between our investigation division and the messaging and online payment apps. There will be another meeting this week.)

Chin explains the process involves a feature commonly found in e-wallet and messenger apps, which allows any app user to check the name registered to a number they want to transact with.

One e-wallet app for instance will disclose the name registered to a mobile number as part of the confirmation process for sending money.

Last week Engineer Pierre Galla of internet and civil rights group democracy.net.ph warned about this form of data scraping and harvesting in a social media post last week, where he detailed how users of one messenger application could easily find the name of any registered mobile number by simply inputting the number into the app.

Chin says while getting a user's name and phone number is not enough to gain access to bank or social media accounts, scammers may ask these users for their OTP or one-time passwords to gain access.

“Yun po ang nakakabahala. Pwede ma-change yung password ng mga tao, o doon sa mga nagmamayari ng account kung bangko man po yon, o mga online or social media account.”

(That's what's alarming. They can change the user's bank or social media account password.)

Chin said they have also asked telcos to quickly block the numbers sending the smishing attacks once these have been reported by the NPC and NTC.

To better inform the public regarding the issue, the NPC is holding a webinar on September 7 together with telcos and the NTC. The watchdog is also

Chin added they will be setting up more communications channels so the public may quickly forward their complaints regarding this specific issue to the NPC.

Fintech giants Maya and GCash have yet to respond to requests for comment.

• NTC urged to act vs text spammers as messages become 'personalized'
• Text scammers may have used contact-tracing data, NTC exec says

RELATED VIDEO

Watch more News on iWantTFC