Most Links Sent Through Text Scams Are Gambling Sites – Cybersecurity Expert

Citing the initial findings of the Department of Information and Communications Technology (DICT), a cybersecurity expert said on Tuesday, Sept. 13, that most of the links sent through text scams were found to be gambling sites.

“The Cybercrime Investigation and Coordinating Center (CICC) of the DICT checked the links in these spam messages. Most of these sites that are being offered to you to click are gambling sites, some are scam sites,” cybersecurity expert Art Samaniego told “One News Now.”

Samaniego said as long as the link is coming from a text message, the public should consider it as a scam. “Don't click the links that are being sent to you.”

“In fact, the Bangko Sentral ng Pilipinas (BSP) already warned banks and financial institutions not to put links in messages and e-mails. So kapag merong link, automatically ‘yan, consider it as a scam,” he said.

On Monday, Sept. 12, the National Telecommunications Commission issued a memorandum instructing telco firms to block or deactivate clickable person-to-person links in text messages, in a further step toward containing the spread of messaging scams.

NTC special adviser to the commissioner Edgardo Cabarios said the agency had to issue such an order to stop the proliferation of text scams that contain transfer links to fraudulent sites.

Read More: NTC To Telcos: Block Text Scam Links

Last month, the BSP reminded the public to be vigilant against fraud perpetrated through unsolicited e-mails or text messages with links that redirect the mobile user to highly suspicious websites.

These include “smishing,” a form of phishing wherein text messaging is used to trick people into clicking a link to provide the information in their mobile phones. This malicious link, when clicked, automatically downloads malwares and/or redirects to websites that collect information that may be used for fraud.

To help prevent this, the BSP also advised the public to refrain from clicking links even if these appear to be coming from banks, e-money issuers, or known companies or brands; and to protect personal information.

During a hearing of the House committee on appropriations on the proposed P40.3-billion budget of DICT for 2023 on Sept. 9, DICT Secretary Ivan John Uy said the initial probe on “text smishing” revealed that foreign criminal syndicates were behind them.

“This is more than meets the eye and there are criminal syndicates that are operating and these criminal syndicates are international,” Uy told the members of the committee.

The DICT chief declined to give details, but offered to give the committee “more comprehensive information” about the anomaly in an executive session.

Uy also bared that the DICT may have to set up call centers to receive numerous complaints about text spams. “We are formulating already the guidelines and it’s a singular, more responsive complaint center to address this.”

Block spam messages

According to Samaniego, it’s better for these spam messages to be blocked.

But he emphasized that blocking websites would not solve the problem because “when you block a site, the content will still be [on] the internet.”

Samaniego also said that telco firms have been blocking links sent through text scams for a long time now but “these are just links that they are going to block, they're not going to take down any site.”

The National Privacy Commission recently ordered the country’s telco service providers to submit a comprehensive audit report, which includes an examination of their respective distributor frameworks for their subscriber identity module (SIM) cards used in smishing messages that contain the names of recipients.

Based on its initial investigation, the NPC said data aggregators are unlikely to be the source of the recent wave of targeted smishing messages that are possibly sent through phone-to-phone (P2P) transmission.

“The NPC, through its Complaints and Investigation Division, has observed from the smishing reports it received, that the smishing messages appear to have been sent using specific mobile numbers registered to certain texting services,” NPC Deputy Commissioner Leandro Angelo Aguirre said earlier.

The NPC assured the public that it has been continuously investigating potential sources and root cause of targeted smishing messages such as patterns in the use of name formats registered with popular payment applications, mobile wallets and messaging applications.

SIM card registration

Samaniego said going after scammers will be easier through SIM card registration law. “The problem now is that if [the] law enforcement agency will go after the one that sent you the text message, they will encounter a dead-end because that SIM card is prepaid.”

“I think it will be easier for our law enforcement agencies to act [if those SIM cards will be registered],” he noted. “So they will not be meeting dead-end after dead-end if they will run after these scammers because it's prepaid and it's just 30 pesos to buy a SIM card.”

The proposed SIM Card Registration Act passed during the 18th Congress was vetoed by former president Rodrigo Duterte.

While SIM card registration would help the problem, Samaniego, however, said it would not solve the scamming and the spamming issues.