In an era where technology shapes nearly every aspect of our daily lives, cybercriminals have found increasingly sophisticated ways to exploit humanity’s digital advancements for their social engineering attacks.

Social engineering, which preys on human psychology to deceive individuals into divulging confidential information, has evolved significantly with the rise of big data, artificial intelligence (AI), and social media.

Yes, Virginia, the growing and widespread use of technology has allowed malicious individuals to elevate their schemes, making them appear more legitimate and these attacks even harder to detect and prevent.

A case in point is the message received by a former colleague in the journ industry who has jumped to the other fence of the lucrative Public Relations business: award-winning chairman of PageOne Ron Jabal. It alerted him that his “credit card points will expire in 4 hours. You will lose your chance to get 1,200 pesos cashback. Redeem your gift now: https://banka-bdo.mom.ph Redemption code LSEND-3899”

The message was outright “suspicious” simply because Ron doesn’t have a BDO credit card. Additionally, the link, on close scrutiny, is altogether dubious. But what’s scarier is that the SMS appears convincingly authentic as it “came from the legit BDO message/text blast facility.”

That's right, hackers and attackers can now deploy large-scale email and SMS phishing campaigns that can appear convincingly authentic. The automation of phishing campaigns is another technological advancement aiding social engineering.

According to the Philippine Threat Landscape Report 2024-2025, cybercriminals increasingly leverage open-source intelligence techniques to gather publicly available information from platforms such as Facebook, LinkedIn, and Twitter in order to tailor their scams to specific targets.

From what I hear, phishing-as-a-service kits available on the dark web allow even unskilled hackers to execute such sophisticated attacks on unsuspecting individuals, reducing the barrier to entry for cybercriminals.

These phishing attempts, like in Ron's case, often mimic financial institutions, government agencies, or even corporate HR departments, making it more likely for victims to fall for the deception.

In fact, the Cybersecurity and Infrastructure Security Agency (CISA) of the United States has warned that such techniques are being used globally to compromise sensitive data and financial assets.

I'm not tech-savvy, but I believe that to mitigate these threats, we, the consumers, must be vigilant about evolving cybercrime activities. Organizations, on the other hand, should conduct cybersecurity awareness training to help individuals recognize the signs of social engineering attempts.

The implementation of multi-factor authentication by digital banks like Maya and e-wallet GCash is essential in curbing these unwarranted activities.

The spike in these unscrupulous cyber activities, plus the CISA alarm bells, brings to the fore the noise ringing among telecom players about the Konektadong Pinoy (KP) bill, which is about to lapse into law this very day without any action from Malacañang Palace.

The Philippine Chamber of Telecommunication Operators (PTCO) has pressed the alarm button on KP’s loopholes that could impact their way of doing business moving forward.

Roy Ibay, PTCO vice president and head of the regulatory department of Smart, said KP, in its current form, “risks tilting the playing field in a destructive manner,” giving new players shortcuts, thereby “weakening” the rules that ensure fair play.

Specifically, Section 14 of the KP bill “allows satellite operators to connect directly to Filipino users and use spectrum without needing a telco partner or a Congressional franchise.”

One specific provision that gets me riled up pertains to cybersecurity. The bill grants a two-year grace period for new data participants to comply with cybersecurity certification to protect their system with appropriate cybersecurity equipment.

“We’re beset with many cyberattacks in the telecoms industry, and to grant two years, it will expose us to many malware, malicious, malignant, and foreign interference that includes disinformation and perhaps shaping the narrative, the national discourse,” lamented Globe Telecom legal counsel Ariel Tubayan.

Additionally, KP “waters down the regulatory powers” of the National Telecommunications Commission (NTC), virtually reducing the institution to a “mere registrar.” In its current form, KP only requires registration for new participants of the data telecommunications industry with NTC, as opposed to the existing environment wherein new participants go through the quasi-judicial gauntlet.

Watching how this will unfold.