Canadian Cyber Security Journal
SOCIAL:
Filed under: News, TechTalk

Why You’re Getting Spam Texts, According to a Cybersecurity Expert

bbb

“I am a project manager, we are hiring a team, working on the home, daily salary around: 3000-8000 Peso, Accept Jobs on Whatsapp,” reads a text that many Filipinos received some version of over the past few weeks.

Other iterations offer part-time and full-time positions in industries like e-commerce and solar energy, or entice people with the opportunity to “make money with your mobile phone.” Almost always, these texts end with a mysterious link. According to one curious and brave citizen, clicking on it leads you to a chat where an unknown sender gives more information about the supposed job opportunity, and eventually tries to collect your bank details. Experts and regular citizens alike have called it an elaborate phishing scam.

Of course, these scams are nothing new.

“Filipino citizens have suffered from a lot of data breaches for the past six or seven years,” Mara Miano, a Filipino cybersecurity expert from online trust and safety firm ActiveFence, told VICE.

Miano recalled how hackers compromised the backend of the Philippine Commission on Elections (COMELEC) database in 2016, defaced the COMELEC website, and left a message questioning the security of the country’s voting machines. Then, another group reportedly posted mirror links online for anyone to download what it claimed was the COMELEC database. The government body apologized for the incident and instructed citizens to change their email passwords and inform their credit card companies that their data may have been breached, but experts believe the information—like voters’ email addresses, passport numbers, and, possibly, mobile numbers—could still be available online.

“Filipino citizens have suffered from a lot of data breaches for the past six or seven years,” Mara Miano, a Filipino cybersecurity expert from online trust and safety firm ActiveFence, told VICE.

Another way for mobile numbers to end up in spam texters’ databases is through data brokers, who collect information from forms people fill out, like seemingly harmless ones you submit to get free stuff in malls, for example. That this information is traded and sold is a “known practice,” Miano said. It’s also possible, the cybersecurity expert added, that some contact tracing apps during the pandemic do not secure the data they collect, leaving them open for hackers to acquire.

Another way for mobile numbers to end up in spam texters’ databases is through data brokers, who collect information from forms people fill out, like seemingly harmless ones you submit to get free stuff in malls, for example. That this information is traded and sold is a “known practice,” Miano said. It’s also possible, the cybersecurity expert added, that some contact tracing apps during the pandemic do not secure the data they collect, leaving them open for hackers to acquire.

For small things like receiving one-time passwords or signing up for free stuff at the mall, people can start using burner “dumbphones” (as opposed to smartphones) with prepaid sims, so the numbers aren’t linked to any personal information or online data. They can also use burner email addresses, which of course should not have people’s real names.

Enjoy this article? Don’t forget to share.