Telcos must block malicious site URLs – Manila Bulletin

Telecom companies have been ordered to block person-to-person clickable Uniform Resource Locators (URLs) from malicious sites as part of an increased initiative by the National Telecommunications Commission (NTC) to combat smishing.

In an order dated Monday, September 12, the NTC ordered Dito Telecommunity Corp., Globe Telecoms Inc and Smart Communications to “block or disable domains or URLs, TinyURLs, smart links and/or QR codes from sites Malicious” based on database extracted from government agencies such as NTC, National Privacy Commission (NPC), DTI, Law Enforcement Agencies, Subscriber Reports and those generated by machine learning or artificial intelligence.

Telcos were also asked to submit a written report of compliance to the NTC Commissioner by September 16, 2022.

For its part, the NPC has pre-ordered the three telecommunications service providers to submit a comprehensive audit report which will include a review of their respective distribution frameworks for their subscriber identity modules (SIM cards) used in smishing messages containing the names of the recipients.

Privacy Commissioner John Henry D. Naga said the ongoing investigation involves close coordination between the telecommunications companies and government authorities such as the NTC.

Additionally, the NPC’s order directs the three telcos to report all mobile phone numbers implicated in the smishing messages; the distributors and/or entities from which the affected numbers were distributed; persons and/or entities whose mobile phone numbers have been disclosed by Distributors; and other information that may assist the NPC in its ongoing investigation.

Telecommunications operators have ten days to comply. The NPC’s Complaints and Investigations Division will also assess telecom operators’ submissions and investigate further.

As part of its next steps, the NPC will convene a meeting with representatives of telecommunications carriers and government agencies, including the NTC, the Cybercrime Investigation and Coordinating Center, the Philippine National Police and the National Bureau of Investigation next week, Sep 13. The Commission urges the public to immediately report incidents of targeted smishing to [email protected]

“The Commission is proactively investigating the matter to identify the causes and implement all possible solutions to mitigate, if not eliminate, the threats and risks associated with targeted smishing messages,” the NPC said.

“We will relentlessly protect Filipinos from any unscrupulous attempt to take advantage of our personal data. We call for the full cooperation of all stakeholders involved, including telecom operators, our partners in government and the public, to bring this matter to a successful conclusion,” Naga said.