Massive Phishing Campaign Targets Filipino Mobile Users

Yesterday, the Philippine senate launched an investigation to identify the attackers behind a massive phishing campaign of millions of text messages sent to mobile users in hopes of capturing personal login credentials for fraudulent transactions.

The country’s two biggest telecoms providers have said they blocked more than 1 billion spam and suspicious text messages between them this year. PLDT and Globe have assured their combined 156 million mobile subscribers that cybercriminals have not breached their security systems.

Senator Grace Poe, who heads the senate’s public services committee, called for tighter measures against cybercriminals.

“This is a staggering number of messages that prey upon the vulnerable like those who are unemployed, in need of money or are just unfamiliar with these schemes,” Poe said.

Consumers have reported a surge in phishing attempts during the pandemic as people relied heavily on mobile devices for shopping and food delivery orders and banking.

The scale of this campaign is nuts. And something needs to be done. But apparently an attempt to deal with this was squashed:

Poe said it was time for lawmakers to revive a bill, vetoed last year by then President Rodrigo Duterte, that would require SIM card buyers to register with network providers to prevent scams and misinformation. read more

And Nick Ascoli, VP of Threat Research at PIXM has this to say:

There is a need for regulations that represent a sincere and holistic attempt at taking steps towards curbing cybercrime operations affecting the region. Unfortunately, scammers use many techniques to send luring text messages to victims, few of which involve the actual purchase of a physical phone and SIM card. Most involve the use of internet based SMS Gateways. While the specific proposal would likely not address the issue, it represents a hopeful sentiment that Southeast Asian governments will increase their use of federal resources in stopping cybercrime.

One of the best ways to deal with cybercrime is to go after the threat actors and take away the money gained from these crimes and take away their liberty. The next best thing is to make it harder for cybercriminals to execute their schemes. That’s what the law that was squashed last year would do and hopefully it gets enacted so that this issue is addressed.

Leave a Reply

%d bloggers like this: