An e-wallet firm advised its users against a new scam—phishing attacks disguised as hacking activities.
In an advisory, GCash said that perpetrators of cybercrimes have recently become “more creative” in executing both cybercrimes.
“As cybercriminals become more creative, some phishing attempts are now designed to appear as a hacking attack,” the firm said.
Phishing has been one of the leading types of cyber-related incidents since the pandemic lockdowns, wherein most Filipinos have shifted and adapted to digital platforms.
Last July, GCash listed online gambling, fake prizes and frozen accounts as the common schemes related to e-wallet services and digital banks.
Integrated hacking and phishing
GCash noted phishing and hacking are the same in terms of gaining unauthorized access to victims’ personal data.
Their execution, however, is different.
Hacking occurs when scammers gain illegal control over a device or a network to commit crimes.
Phishing, meanwhile, happens when scammers lure or bait victims to deceive them into giving their personal or sensitive information.
“In hacking, cybercriminals take advantage of vulnerabilities in devices and networks to gain access to sensitive information,” GCash said.
“On the other hand, phishing scams, derived from the word fishing, are designed to ‘bait’ victims so they will be tricked into giving sensitive information,” it added.
According to GCash’s monitoring, these are the steps how this scheme is done:
- Cybercriminals “phish” out information from thousands of users over the same period of time.
- These phished-out data will not be used immediately.
- Perpetrators will only start stealing funds after a certain period of time.
- They all also pilfer from the victims simultaneously.
- Victims will then think they were hacked because of the sudden loss of their funds.
GCash also posted an advisory about phishing scams on its Facebook account. Here, it advised members against giving out their one-time passwords (OTPs).
“Never share your OTP, lalo na sa mga nagpapanggap na GCash reps via text. Phishing scam yan!” the firm said.
In a separate statement, GCash also listed the following preventive tips against such phishing activities.
- Double up on security measures.
- Review the sender and the content of suspicious messages before responding or clicking links.
- Double-check the message that comes with a requirement to enter OTPs as supposed security features.
- Be wary of limited-time offers and urgent requests.
- Never share your OTP and MPINn (Mobile Personal Identification Number).
Citing data from the Cybercrime Investigation and Coordinating Center, GCash said that cybercrimes rose by a staggering 152% in the first half of 2023 compared to the same period last year.
The firm also pointed out that e-wallet applications have become an “easy” target for phishing attacks.
“For e-wallets, fraudsters may call or send a message via email, SMS or social media platforms pretending to be an employee or a company representative to get the victim’s Mobile Personal Identification Number (MPIN) and One-Time Password (OTP) or authentication code,” GCash said.