By virtue of the Republic Act 11934 also known as the “Sim Registration Act,” all individuals are required to register all SIMs, including those in card and electronic form, as a prerequisite to activation. Under the measure, users of all mobile devices, including prepaid broadband devices, must register their SIMs.
The law protects consumers against nefarious practices including scams, smishing, and other forms of online and mobile fraud. These have multiplied because criminals can use prepaid SIMs without registering any of their personal information, enabling them to do so anonymously and avoid detection.

All SIMs supplied by telcos, authorized distributors, or resellers are required by law to be in a deactivated condition and only become active if the SIM buyer registers the SIM on one of the recognized registration platforms.

The law’s Implementing Rules and Regulations (IRR) were released on December 12, 2022, and will go into effect 15 days later, on December 27, 2022.


A. Nature of the Attack

In contrast to the purpose of the law, CERT-PH has monitored a phishing campaign taking advantage of it.

In the malicious campaign that we observed, threat actors are sending phishing emails to their victims to verify their Virtual Wallet in accordance with Sim Card Registration. A malicious link is attached to the email, redirecting the user to a fake page of the Virtual Wallet.


B. Actions to be Taken

CERT-PH recommends the following actions be taken:

  • Stay cautious when opening an email. Do not click on suspicious links.
  • Do not provide personal information, especially account credentials to an unsolicited request.
  • Only follow the official Sim Registration Instructions provided by the Telco Companies.
  • Important Note: The Sim Card Registration starts on December 27, 2022. You may refer to the official Frequently asked questions provided by various telecom companies for the sim registration: