Opinion

SIM swap reactions

CTALK - Cito Beltran - The Philippine Star

November 1, 2021 | 12:00am

After reprinting a letter and narrative from our reader Oliver Tan on how his wife’s phone and bank account got “hacked,” I learned over the weekend that the column item had gone viral fueled by nothing more than fear, and continues to be shared by people who are so shocked and scared about the possibility of their phones being hacked and their bank accounts possibly being sucked dry by digital gangsters. Every friend who reached out to me last weekend said “thisis scary” or “sobrang nakakatakot.”

In a way that was the objective behind the reprinted narrative: To alert people but also scare the complacency and laziness out of people and make them realize that if someone really wanted to get to you or your accounts or your identity, it won’t be a “Mission Impossible.” Most people are too casual about engaging online, on social media and pay minimum effort to securing their personal information. We all assume that the institutions we work with, bank with or subscribe under, such as telcos, can totally address all risks and concerns. Sorry but if the Tan case tells us anything, no matter how many gate keepers you post, anyone with the right password, fake photos and other biometrics can trick the gatekeepers.

Clearly someone targeted the Tans because so much effort was apparently put in to gather personal information from “Mrs. Tan.” The idea of having a stalker is scary enough but the evidence that someone managed to get so much data over a period of time has turned many people paranoid over the weekend.

Yesterday I received an email from Estela Calderon, head of Corporate Affairs for MetroBank, concerning the matter and here is an advisory from MetroBank:

In relation to the case discussed in the article entitled “Identity Theft” published in The Philippine STAR last Oct. 29, we’d like to shed some light on what transpired in this case and share some tips so that we can help people avoid being victimized by similar scams in the future.

First, please rest assured that there was no breach at Metrobank and there are robust systems in place to detect suspicious transactions and block them. In this case, the Bank’s anti-fraud system detected a suspicious transaction from the beginning and immediately blocked the customer’s card for protection.

However, fraudsters were able to take over the customer’s mobile number using a SIM Swap modus at the telco store using false IDs. With the replacement SIM they were able to get, they could then make and receive calls, sms as well as transact with full access to the One-Time-Passwords (OTPs) used to secure each transaction. This is what enabled the fraudster to pass caller ID validation and security probing when the fraudster requested the unblocking of the card.

With the increasing sophistication of fraudsters and the greater risk faced by our customers from identity theft, Metrobank is committed to continuously improving and further reinforcing how we safeguard our clients. We are working with other banks, telcos, government agencies and other partners in order to strengthen the ecosystem that fights fraud, as this is bigger than any single institution and potentially affects every Filipino. We will continue to be proactive in educating the public as ultimately, the first and best defense against fraud is an informed and prepared person.

Attached here are some key anti-fraud tips to help the general public. Thank you for allowing us to share this message. Kindly attribute this statement to Metrobank.

How to protect yourself against the SIM swap modus and other fraud

To prevent SIM swap fraud, we need to be alert for any changes in our mobile line. A big flag is if a stranger or even a supposed telco representative calls asking you to turn off your phone. If your mobile line is unexpectedly disconnected for more than a few minutes, in an area where others of the same telco continue to have a connection, immediately call your telco provider on another mobile or landline, to check if there have been any changes made regarding your sim card.

Most importantly, fraud begins once scammers can get personal information. This can be done directly by phishing with a false call/email/sms/website to try and trick you into disclosing info or indirectly by social engineering, where they scan your social media for hints and pics that can help them figure out answers to security verification questions. ATM/credit cards, IDs, receipts, bills and other documents with personal or account information should not be posted and should be stored or disposed of securely.

Another way of protecting yourself is to never let your card out of your sight. When paying with a credit or debit card, make sure the transactions happen in front of you so no one can take photos or copy your card details. We all need to think twice before we click, disclose, post or share any information online or physically.

At the first sign of unauthorized transactions, call your credit card help line and select the option for fraud or lost/stolen card even if your physical card is still with you. This will be immediately attended to by your customer service partner who will help block your card.

More information can be found at www.metrobankcard.com/cardsservices/card-security-and-secure-online-shopping or metrobank.com.ph/fight-fraud or scamproof.ph for more fraud tips, news and advisories.

* * *

Needless to say several readers reached out to me and had their own opinion or suggestions on how the nightmare can be avoided. It was suggested that telcos and banks also include actual photos and thumb print of clients (if not a violation of privacy act) as an internal reference, much like the three signatures needed for bank accounts. All risky transactions such as SIM replacements, etc. should require photo and thumb print collection so that companies will have a record on file for the PNP and the NBI or Interpol for that matter. If no alerts go up within 30 days, the biometric data can and should be destroyed.

Be aware – Be alert – Be careful out there!