In the past, text scammers would claim to be a relative of the OFW using their new roaming number and ask for prepaid load, or pretend to have sent the load credits by mistake and ask you to return them. While we still get our share of text scams from time to time, many of us associate these messages with fraud and simply ignore them.
But as the use of e-wallets and online payment channels became more popular and necessary, scams grew more sophisticated. A common scam is done through phishing, where a fraudster collects personal information such as MPINs and OTPs, and uses it to access accounts and steal user funds.
Targeting users of leading e-wallet platforms, phishing scams occur not only through text messages, but also through call and social media platforms. While trusted financial institutions like GCash double their security measures through security features like DoubleSafe Face ID against cybercrimes, it’s also helpful to be aware of new scams, how they work, and warning sign to catch them early. Here are the most common phishing scams that e-wallet users should look out for:
- ‘Top-up for online gambling’ phishing scam
It’s very tempting to earn extra income while having fun, but that can backfire if you find yourself a victim of scammers posing as online gambling sites. This phishing scam involves fraudsters taking players to a non-PAGCOR licensed gaming provider, where they will be asked to ‘top-up’ using a fake GCash portal, often using the same layout, color and logos, to get the credentials and access the victim. account.
How do you see it?
If you create an account with suspicious gambling sites, you will be given the option to use your GCash account to top up your account. You will be redirected to a fake website that looks like a GCash portal, and prompted to enter your mobile number, OTP and MPIN. Once you provide your information, hackers can access your account.
How do you stop it?
When asked to link your GCash account, always check the URL or name of the link to make sure you are on the GCash portal. Legitimate GCash portals start with https:// and only end with ‘gcash.com’ while suspicious portals may have a series of numbers at the beginning, extra characters, and misspelled words ( eg Gccash vs GCash).
When asking for an OTP, always read the SMS to make sure you didn’t unknowingly link a foreign device to your account. Never share your MPIN and OTP with anyone, including dubious online gaming sites.
- ‘Your account has been suspended’ phishing scam
While there are scams that take advantage of various forms of entertainment, there are also those that cause panic and simulate emergency situations. The ‘Your account is on hold’ phishing scam involves fraudsters pretending to be from legitimate financial institutions and creating negative consequences to encourage users to immediately provide their sensitive information.
How do you see it?
The fraudster will contact you, through a phone call or social media platform, and claim to be a GCash employee, telling you that your account is on hold or frozen. They will then tell you that you can only activate your account by sharing your MPIN and OTP. Once they have this information, they can gain access to your account and steal your funds.
How do you stop it?
GCash will never ask you to activate your account through a phone call or through messaging applications. All transactions are done only through the official GCash app, including resolving concerns related to your account.
If a notification feels rushed, it’s probably a phishing scam! First check your account through the GCash app to confirm if it’s really on hold and don’t share your MPIN and OTP with anyone – even those claiming to be from GCash. Remember that GCash will never ask these details from you..
- ‘You won a prize!’ Phishing Scam
Do you remember those text scams of the past that told potential victims they had won a raffle and asked them to send a processing fee to claim a prize? Similarly, a third phishing scam also informs potential victims that they have won prizes in a GCash raffle that they did not participate in. However, instead of asking them to pay, it involves using a seemingly legitimate link to get your credentials and access your account.
How do you see it?
The scammer, pretending to be from GCash, will send you an SMS or email saying you’ve won a reward, cashback or prize. You are directed to click on a link to claim the prize, leading to a fake website that looks like a GCash portal. Once you enter your mobile number, MPIN and OTP, your account can be accessed by cyber criminals.
How do you stop it?
Remember that GCash will never send links via SMS, email and messaging apps and all legitimate rewards and promos will only be announced through the official GCash app, so don’t click on links and don’t share your MPIN and OTP to anyone. Always make a habit of checking any SMS or email you receive. Any communication from an unexpected or unfamiliar sender with an offer that sounds too good to be true is usually a phishing scam.
Cybercriminals are constantly looking for ways to be more creative in their tactics and remain unsuspicious and realistic. Even if you think you don’t deserve to be a target of online predators, a technology user will always make you a potential target of any attack, especially if you are one of the millions of user base with a leading e-wallet app like GCash.
Fortunately, you have one of the best defenses against any phishing scam: you. Now that you know what the most common phishing scams are, doing your part to protect your e-wallet account requires only one simple action: Never share your MPIN and OTP.
If you encounter phishing scams and fraudulent activities targeting your GCash account, you can report it by visiting the official GCash Help Center at help.gcash.com/hc/en-us or messaging Gigi on the website and type, “I want to report a scam.”
