eGovPH impersonation scam raises alarm over full mobile device takeovers

DECODED: TECH, TRUTH, AND THREATS

The official eGovPH platform was designed to make public services more accessible to Filipinos. But recently, the Cybercrime Investigation and Coordinating Center (CICC) warned that scammers are exploiting the name of the government’s super app in a growing wave of impersonation attacks that go far beyond simple phishing. Recent reports suggest that victims are not just losing money. In some cases, their entire mobile devices may be temporarily taken over.

CICC Executive Director Usec. Aboy Paraiso said the modus begins with a phone or video call from someone claiming to represent eGovPH or a related government office. The caller typically cites a routine update involving the National ID system and creates urgency to compel compliance. Victims are then instructed to install or update an application, sometimes through a direct download link or by enabling installation from unknown sources. This is where the danger escalates.

Scam Watch Pilipinas explains that once a malicious application is installed, especially if it’s an APK file sent via a link, messaging app, or email, the attacker can request extensive permissions. These may include screen access, accessibility control, notification reading, and even remote device management. If granted, the attacker can see what appears on the victim’s screen in real time, intercept one-time passwords, open banking applications, authorize transfers, and delete call logs or traces of the intrusion.

This type of attack does not require advanced technical hacking. It relies on social engineering. The victim is manipulated into granting access voluntarily. Once access is approved, the device can effectively be operated remotely. In many cases, the malicious app runs quietly in the background, making it difficult for the victim to detect that control has been compromised.

Scam Watch Pilipinas stressed one critical rule that the public must always remember. Never install an APK file sent by anyone through phone calls, chat messages, email, or social media. APK files are Android application packages that allow apps to be installed outside official marketplaces. While there are legitimate uses for APK files in development environments, they are also a common vehicle for malware distribution. Installing an APK from an unverified source removes the security screening provided by official app platforms.

Users are strongly advised to download applications only from verified sources such as the Google Play Store and the Apple App Store. These platforms conduct security reviews and malware scanning before apps are made available to the public. Even then, users should verify the developer name, check reviews, and ensure that the app corresponds to official government communications.

Scam Watch Pilipinas also reminds the public that no legitimate government agency will ask citizens to install software during an unsolicited call, to provide one-time passwords, to share banking credentials, or to grant screen-sharing access. Government agencies do not use free email accounts for official operations, and they do not conduct surprise biometric verification sessions through video conferencing platforms.

The eGovPH impersonation scheme serves as a warning that the weakest link in cybersecurity is not technology but trust. As mobile devices increasingly serve as wallets, ID storage, and access points to financial systems, the risk of unauthorized app installation continues to grow. Vigilance, skepticism toward unsolicited instructions, and strict adherence to official app sources remain the most effective defenses against full device compromise.

(The Scam Watch Pilipinas and TechWatch PH are both powered by Truth360 Inc.)