Digital fraud perpetrators are now employing sophisticated tactics beyond traditional SIM-based schemes to victimize mobile users.

Department of Information and Communications Technology (DICT) Undersecretary Jeffrey Ian Dy said fraudsters or scammers are now increasingly using International Mobile Subscriber Identity (IMSI) catchers and fake radio units to intercept and rebroadcast transmissions.

“In short, non-SIM-based na yong scam. And then they’re also using Viber, they’re also using yong Messenger. Unfortunately, we also need a law to be able to regulate that. We need the proper laws in place to be able to also regulat mga chat, lalo na kung ginagamit [sa panloloko],” ayon ay Dy.

“For example, alam niyo ba lahat nang na hack sa Pilipinas, dina-dump ang dito through Telegram?” Dy said during Malacañang press briefing yesterday.

He stated that the lack of a dedicated law to govern these activities, especially in the space of chat applications where fraud is becoming more common, presents a challenge.

However, efforts are underway to address these legislatively, Dy confirmed. Discussions with Congress are ongoing, with pending bills aimed at tackling these emerging threats effectively.

The Electronic Frontier Foundation (EFF) explains that IMSI catchers are cell-site simulators, also known as stingrays. They are devices “that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower.”

Law enforcement agencies typically utilize them to perform comprehensive searches of all mobile phones within a designated area, but they frequently become entangled in contentious debates due to their circumvention of constitutional safeguards.

The device can be used to gather identifying information, such as the IMSI number. It can also collect metadata about calls, including the caller’s identity and the duration of the calls.

It has the capability to intercept the content of SMS messages and voice calls, as well as monitor the data usage, including the websites visited.

Scammers are able to assume the identities of reputable organizations, such as banks or government agencies, in order to trick victims into divulging personal information or making financial transfers by gaining access to intercepted conversations.

They can also potentially clone SIM cards or create fake identities, facilitating further fraudulent activities.