This past week, how many text messages or calls have you received from a number you don’t recognize?
If it used to be just advertisements, notice the increase in suspicious messages with links and people pretending to offer prizes. With so many types of online scams experienced by Filipinos, thousands are still victims because the fraudsters are getting better at hiding their fraud.
With the popularity of the e-wallet in the Philippines, it has become a new target for scammers to obtain users’ information and access their accounts. In a so-called phishing scam, the scammer often pretends to be a legitimate business, website, or employee in order to quickly obtain all the information needed to login to the victim’s account. If it used to happen only through text or email, now it’s social media, calls, and fake websites.
To protect users against scammers, GCash, the leading e-wallet app, has strengthened its security features. It introduced DoubleSafe Face ID, where apart from OTP and MPIN a selfie is also required to access GCash. Despite this, it is also important for all users to know what phishing scams are spreading and how to avoid them.
- ‘Top-up for online gambling’ phishing scam
Online gambling sites are very popular nowadays, so scammers often use them to prey on e-wallet users. In this phishing scam, you will be taken to a fake GCash website where your OTP and MPIN will be taken.
The mode:
After creating an account on the fake gambling site, you will be linked to your GCash account so you can top up. You will be taken to a fake GCash website where you will be asked to enter your mobile number and MPIN. You will also receive a text with an OTP to link your GCash account on another device. The moment you provide your information, scammers can access your account to steal your money.
How to avoid it:
When linking your GCash account, check the URL or link name carefully to make sure you are on the real GCash website. The legitimate GCash website starts with https:// and ends with ‘gcash.com.’ On the other hand, fake GCash portals may have consecutive numbers at the beginning, extra characters or misspellings (ex. Gccash vs GCash).
When asking for an OTP to make a payment, also read the text carefully to make sure you haven’t linked your GCash account to another device. Do not share MPIN and OTP with others, especially with fake online gambling sites.
- ‘Your account has been suspended’ phishing scam
In this phishing scam, scammers pretend to be representatives of companies and pretend to have an emergency to get victims to quickly provide their information.
The mode:
You will receive a call, text or social media message from an account pretending to be a GCash employee and tell you that your GCash account has been frozen or put on hold. It will offer help to activate your account, but it will ask for your mobile number, MPIN and OTP. Once they have the necessary information, they can open your GCash account and empty it of money.
How to avoid it:
GCash will never ask to activate your account via call, text or chat. Always remember that all legitimate transactions will only be done on the official GCash app, including resolving your account concerns.
If you’re in a hurry, it’s probably a phishing scam! Check the GCash app first to check your account status, and do not share the MPIN and OTP with anyone – even people who identify themselves as GCash employees. Remember, GCash will never ask you for this information.
- ‘You won a prize!’ phishing scam
In the third phishing scam, scammers make you believe that you have won rewards or prizes from GCash even though you did not participate in a raffle. They will give you a link to retrieve your information and use it to access your account.
The mode:
In this scam, someone pretends to be a GCash representative and sends a text or email saying you’ve won a reward, cashback or prize. You will also be given a link to claim the prize, but it will take you to a fake website that looks like a GCash portal. Once you enter your mobile number, MPIN and OTP, they can access your GCash account.
How to avoid it:
Always remember that GCash does not send links via text, email and messaging apps. Currently, GCash does not have an official rewards program. All legitimate promos can only be found within the official GCash app so don’t click on the links and don’t give the MPIN and OTP to anyone. Make it a habit to read the texts or emails you receive, especially messages from unexpected or unknown senders.
