It looks like the Philippines is not the only country that has a huge problem with spoofed SMS which spams your inbox almost every day.
PH government officials have also alarmed with these text messages
Unsolicited or scam text messages on our phones already contain our names. This means that there is a data provider out there that has leaked or sold or been careless about our information. This makes all of us now vulnerable.
Very dangerous.
Originally tweeted by Marvic Leonen — maroon check (@marvicleonen) on August 31, 2022.
Our neighbor country, on the other hand, Singapore, which is considered the most technologically-advanced country at present, also endures this problem. In fact, there are reported incidents jumping from 16 to 5,020 within four years.
According to a report from StraightTimes, customers of a Singapore-based bank OCBC Bank lost $13.7 million in total, which forced them to arrange ‘full goodwill payouts’ to almost 800 depositors, because of spoofed SMS.
Although Singapore has an existing SMS registry, it’s still far from perfect.
According to Lim Chong Kin, head of Telecommunications, Media & Technology Practice at Drew & Napier LLC told Singapore Business Review, the old system was ‘blacklist-based’ wherein businesses and organizations in Singapore need to register their SMS sender ID, and a blacklist of similar SMS sender IDs would be circulated through SMS aggregators for automatic blocking.
SMS aggregators are Software as a Service (SaaS) third-party providers which send SMS text messages to users—services like Twillo, yondu, etc.
While SMS sender ID or SMS customer ID are composed of alphanumeric characters (A-Z, 0-9) displayed as the sender’s name which commonly represents a business name or a brand. In the back-end, it is equivalent to a string of numbers. For instance, WalasTech Alert will be our Sender ID while in the back-end, it could be 0912-345-6789.
It is used to help users identify from which specific businesses, organizations, and financial apps an OTP code or One-Time PIN, withdrawal alerts, or marketing texts came. Same as Singapore, official sender IDs of popular banking apps in the Philippines like BDO and UnionBank are spoofed or replicated to send deceiving messages appearing as legit text alerts. These contain links that lead you to spoofed websites tricking you to input critical information such as username, password, address, birthday, and others.
However, the previous approach was still inefficient in preventing malicious SMS as it was “confirmation-based” according to Rajesh Sreenivasan, head of Technology, Media, and Communications for Rajah & Tann.
Lim added that it is still delivered to some users because there are non-registered SMS aggregators, which need to be checked first before finally adding them to the blacklist.
The said system was eventually discontinued on March 2022.
As a solution, they’ve launched another new spoof-proof system this year. It was made and developed by the Infocomm Media Development Authority (IMDA) of Singapore, the counterpart in the Philippines.
Hopefully, PH will adapt the system
“Under the new registry, which adopts a ‘whitelist-based’ approach, companies can register their protected SMS sender IDs against their Unique Entity Number (UEN). Telcos and SMS service providers will be required to check SMS senders against the registry, and SMSes sent under a registered sender ID will be blocked when the sender’s details do not match the registry’s records,” Lim explained.
A business just needs to pay a fee to register their SMS Sender IDs.
Businesses and organizations that have registered will enjoy a boost in consumer confidence and brand reputation. Otherwise, they will face charges and maximum liability for not protecting their customers from such scams. Are we ready for this kind of system? Let us know in the comments.
