Recently, Supreme Court Justice Marvic Leonen sounded the alarm over a worrying trend in the spam text messages Filipinos have been receiving lately.
Apparently, the enterprising scammers who blast us with these nuisance messages not only know our mobile phone number but even our names and other personal details as well.
“Unsolicited or scam text messages on our phones already contain our names. This means that there is a data provider out there that has leaked or sold or been careless about our information. This makes all of us now vulnerable. Very dangerous,” Leonen said in his Twitter account.
-o0o-
And to add fuel to the fire of concern and fear, even one of the top officials of the Department of Justice – ironically, the one in charge of cybercrime – had also fallen victim to such scams.
According to a Business Mirror article, State Counsel Gerald Vincent Sosa of the Department of Justice-Office of the Cybercrime (DOJ-OCC) has admitted that he too received a text scam with his name and surname on it.
He said it was possible that these scammers managed to obtain the personal information of telco subscribers through data leak or through some other means.
He cited the membership forms for some business establishments being filled out by availing customers as one of the possible sources of data leak, although he admitted that it would really be difficult to pinpoint the source of the data leak or how these scammers were actually able to obtain these data.
-o0o-
Perhaps the DOJ should focus its attention on the millions of contact tracing forms that we filled out ad nauseam during the height of the Covid-19 pandemic two years ago.
As early as 2020, during the height of the lockdowns and the restrictions due to the pandemic, the National Privacy Commission (NPC) has laid down guidelines that all government agencies and private establishments must follow in handling these forms that were used to trace possible cases of Covid-19.
To ensure data privacy, establishments are directed to adopt the following: collecting minimum necessary information (such as name, address and contact details, providing a transparent data privacy notice, having a proper disposal mechanism, and imposing a limited period for the storage of collected information.
Even then, the NPC noted that customers who had filled out those forms had raised concerns over “the improper use of logbooks and the lack of appropriate data-protection measures that left in the open filled-out contact-tracing forms that contain customers’ data, such as names, addresses and contact details, which other people could see,” according to a Philippine News Agency article.
Other concerns were that “personal data were used for purposes other than contact tracing in the absence of a privacy notice and baseless retention period,” the agency said.
-o0o-
Most of these forms were reportedly stored in a haphazard manner or even just taken to dumpsites without adequate assurances that the data stored in them won’t be used by scammers or hackers.
Improperly stored data are a gold mine for phishers and hackers who could use the information for various criminal activities such as harassment or financial scams.
It seems we’re now reaping the grim price of the carelessness with which our personal data was stored: increasing reports not only of spam messages but also of phishers harassing people with imaginary court cases to extort money from their victims.