MANILA, Sept 8 (Mabuhay) — The National Privacy Commission (NPC) on Wednesday found that data aggregators — companies that collect data for commercial purposes — are unlikely to be the source of the recent wave of text scams that contain the name of their receivers.

In a statement, the NPC, through its Complaints and Investigation Division (CID), said these ‘smishing’ or SMS phishing messages appear to have been sent using specific mobile numbers registered to text services.

“As confirmed with the telecommunications companies (telcos), smishing messages which are sent using mobile numbers are possible through a phone-to-phone (P2P) transmission,” it said.

This method, it said, uses the regular network of telcos and does not pass through data aggregators which use an application-phone transmission.

“The messages received through this transmission will not appear to have come from specific mobile numbers, instead, it will come from a sender that has SMS ID (i.e., bank names, organization names, etc.) which identifies the data aggregator, or the brand or business name using the data aggregator’s services,” it said.

The investigation for potential sources and the root cause of these targeted smishing messages continues, with the NPC looking into patterns in the use of name formats that match the names of persons registered with payment applications (apps), mobile wallets, and messaging apps.

“Further, the NPC is working closely with telecommunications companies in formulating countermeasures against the recent wave of targeted smishing messages,” it said.

Telcos also continue to block mobile numbers that send smishing messages and messages with malicious URLs.

“The NPC shall pursue its investigation to its full extent and within the bounds of its mandate to protect the fundamental human right to privacy. Through relevant issuances, the Commission will be compelling entities involved to take firm action in addressing the possible privacy risk brought about by targeted smishing messages,” it said.

It called on the public to remain vigilant against suspicious text messages and to report incidents of targeted smishing to the NPC email,, or through the NPC’s social media pages. (MNS)