Smart Communications stepped up measures to improve its cybersecurity infrastructure to prevent malicious messages and reassured customers its systems were not breached during a recent spike in SMS scams.
Angel Redoble, chief information security officer of Smart Communications and parent PLDT, insisted in a statement it experienced no cybersecurity incident which allowed criminals to breach its infrastructure and steal customer data.
She added Smart Communications is working with law enforcement agencies to investigate the sources behind the attacks.
Smart Communications noted a review by its cybersecurity operations found the messages were sent by individual SIMs rather than aggregators or their clients. It believes the attacks were conducted locally.
Between the beginning of the year and end-August, Smart Communications blocked more than 11 billion attempts to open links associated with spam messages.
The operator stated it is intensifying its campaign against text message scams.
Smart Communications noted coordination with police and investigators revealed criminals may have used a popular e-wallet and online messaging platform to harvest subscribers’ names.
Christopher Paz, chief of the National Bureau of Investigation’s Cybercrime Division, said its initial probe showed criminals may have acquired the data from different establishments then used mobile numbers on GCash and Viber to glean subscribers’ names and use those in messages.
Redoble noted the “infrastructure of GCash or any digital wallet” was not compromised.
“The criminals simply checked the mobile numbers if they are subscribed to the platform. The scammers seem to have found a way to automate the harvesting of names from different sources.”Subscribe to our daily newsletter Back