Where do text scammers get our names? Here are some hypotheses

You know text scams or smishing has worsened when a Supreme Court Justice tweets about it. 

Justice Marvic Leonen expressed alarm yesterday about scam texts containing people’s names. He stipulates that a data provider has leaked, sold, or been careless about our information. “This makes all of us now vulnerable. Very dangerous,” he warned.

Text scams became rampant last year, with some people suspecting that these scammers got our numbers from the pesky contact tracing forms and apps we had to fill out everywhere we go during the height of the pandemic. But as one cybersecurity analyst notes, this is unlikely because phishing attempts have yet to be linked to tracing apps.

Little did we know, that was only the beginning.

Today, my work number—which I never use to sign up for anything—receives two to three job offers, congratulatory texts, and product recommendations daily. And sometimes, it will append each message with my name(!). Of course, these texts I dutifully block and report to my provider—as one should. But every time I do, they just come up with new numbers to pester me with.

Photo by Christian Wiediger on Unsplash

The National Privacy Commission (NPC) said it is already investigating these name-specific text scams. According to its message to Inquirer, it is already working with the National Telecommunications Commission (NTC), the anti-cybercrime group of the Philippine National Police, as well as the major telecommunications companies to get to the bottom of the issue.

While the investigation has yet to be concluded, the NPC said they already have two hypotheses: one, it has something to do with a popular e-wallet platform based on how familiar the name format is; and two, following that format, it looks similar to that of messaging platforms Viber and Telegram. They added that the automated software programmed to do specific tasks was being used by unscrupulous groups or individuals.

As for telecommunications company PLDT, its bet is that apart from targeting messaging apps, the scammers are also using publicly available data to harvest names.

Read more...