According to Palo Alto Networks, the growing number of unregistered SIM cards in the country exposes consumers to the risk of their mobile services being deactivated, hampering their communication capabilities.
This remark follows telcos' and the government's continued efforts to encourage users to comply now for SIM card number registration on or before the deadline of July 25, 2023.
The Department of Information and Communications Technology (DICT) has emphasized that the national government has established no further extensions for SIM card registration in the Philippines. So far, only 60.75 percent of the total 168 million SIM (Subscriber Identity Module) cards have been registered, putting more over 40% of Filipinos at risk of deactivation and social engineering tactics like phishing. Scammers are exploiting the situation by sending SMS messages that entice consumers to share personal information via phony registration links, posing a persistent and hazardous threat.
Furthermore, as the deadline approaches, the likelihood of phishing assaults increases. Cybercriminals use SMS texts to trick unsuspecting users into disclosing critical information like One-Time Passwords (OTPs), granting them unauthorized access to accounts.
The DICT has also warned that submitting false information or fraudulent IDs during registration could result in a six-month to two-year prison sentence and a P300,000 fine.
President Ferdinand R. Marcos, Jr. signed the SIM Card Registration Act on October 10, 2022, making it the first law enacted during his presidency.
In signing the bill, Marcos Jr. stated that the government will finally achieve the "long overdue" goal of regulating the issuance of SIM cards in order to reduce the proliferation of spam text messages and scams.
Republic Act 11934 or the SIM Registration Act regulates the use of SIM cards to help curb the proliferation of text scams and other mobile phone-aided criminal activities.
The July 25 deadline is a last-ditch effort to persuade users to register their SIM cards before the deadline or risk losing their numbers permanently.
Globe Telecom has already launched the campaign “Number Mo, Identity Mo” to encourage their consumers to register their SIM cards before the deadline.
"Online safety is a pressing issue in today's digital age. Through this unique initiative, we hope to drive home the point that our SIMs are a crucial part of our digital identity and must be protected. We also want to remind our prepaid customers that they need to register their SIMs by the July 25 deadline. We urge all Globe customers to register their SIMs now,” said Yoly Crisanto, Chief Sustainability and Corporate Communications Officer, Globe Group.
Smart Communications also issued a deactivation notice warning to their subscribers, urging them to register. If a SIM card is not registered, subscribers will lose their call, email, and other mobile services.
Smart is also urging subscribers with Smart Satellite (SmartSAT) prepaid SIM cards to register their SIMs ahead of the deadline to ensure continued service.
"As mandated under the SIM Registration Act, you also need to register your SmartSAT SIMs. Otherwise, any unregistered satellite SIM will be deactivated after the set SIM registration deadline by the government," said Mitch Locsin, First Vice President and Head of Enterprise and International Business Groups of PLDT and Smart.
Meanwhile, third telco player DITO Telecommunications is enticing its consumers to sign up with 2GB bonus data when they register their new or existing numbers.
Globe will adhere to the government's Implementing Rules and Regulations (IRR). Unregistered users will be temporarily disabled after July 25 and will have only 5 days till July 30 to finish registration. By July 31, all unregistered SIM cards will be permanently terminated, according to Globe Corporate Communications Head of Digital and Social Channel Strategy RG Orense.
There is no limit to the number of SIM cards that can be registered in one's name. This is legal, but keep in mind that you will be held accountable for any SIM registered to an identifiable person.
SIM registration is just one of the steps in place to detect and deter fraudsters and scammers. It is still the subscriber's obligation to remain vigilant, avoid giving information with persons they do not know, and think twice before answering calls from unfamiliar numbers.
As the SIM card registration deadline approaches, Palo Alto Networks discusses some of the steps you can take to protect yourself against phishing attacks:
Exercise caution when presented with unknown links:Be wary of links received from unfamiliar numbers or sources, especially those claiming to be from your telecom provider. Avoid clicking on suspicious links, as they may lead to fraudulent websites designed to steal your personal information.
Scrutinize links for anomalies: Check for misspellings or unusual URLs in the links provided. Phishers often employ tactics such as using slight variations of genuine domain names to deceive users.
Research official SIM registration procedures:Familiarize yourself with your network provider’s legitimate process for SIM registration. This will help you distinguish between genuine communications and phishing attempts.
Stay informed on security measures: Some telecom providers and other organizations, such as banks, proactively block links via SMS to combat phishing attacks. Stay up-to-date with the security measures implemented by your trusted apps or organizations to enhance your protection.
Leverage Multi-Factor Authentication (MFA):Activating MFA provides an extra layer of security, acting as a vital firewall for your devices during this heightened risk period.
“Phishing attacks will persist as the SIM card registration deadline draws nearer. Cybercriminals’ primary goal is to seize control of your number and exploit your OTPs to steal your money,” said Steven Scheurmann, Regional VP for ASEAN at Palo Alto Networks. “To stay safe, it’s crucial to think before you click and remain vigilant whenever you need to share sensitive information. Embracing the Zero Trust principle and granting the least privilege to your personal data can significantly bolster your defenses against phishing threats.”