Over the last few weeks, a significant number of users of the biggest mobile wallet in the Philippines – GCash, expressed their concerns and frustration about unauthorized transactions from their accounts. This led the leading digital payment app to temporarily pause its services for a few hours, so it could conduct an investigation into what it claimed to be a massive phishing attack.

Phishing Attack or Not?

Many GCash users reported numerous unauthorized transactions up to $900 without receiving a one-time password (OTP) for authorization. Due to this, GCash’s customers became really concerned and were looking for answers.

On the social media portals, you can find many complaints. However, all of the complaints showcase a consistent pattern where funds were transferred to two specific bank accounts – one in EastWestBank and the other in Asia United Bank.

After the incident, GCash paused its services so it could overcome the issue and investigate what happened. However, after the e-wallet restored its services, it came out with a statement, but it looks like it wasn’t exactly what customers expected.

GCash said that the e-wallets had been adjusted and that users had no place to worry. They continued the statement by ensuring customers that their funds were secure and intact, as they prioritized the safety and security of the user accounts.

Unfortunately, GCash didn’t provide any detailed explanation about the attack or how the unauthorized transactions occurred without OTP verification.

Keep Reading

A bit later, GCash’s Vice President for Corporate Communications, Gilda Mquilan, was part of a TV interview. During the interview, she refused the claims of a hack and highlighted that the incident was an unsuccessful phishing attempt.

Mquilan explained that the targeted users received a link, which they clicked, and, therefore, got to a device linking request. Due to this, the cybercriminals compromised their confidential information, but GCash managed to solve the issue and prevent more significant harm to e-wallet users.

As two banks were part of the security breach, both AUB and EastWestBank have undergone independent investigations. Both banks collaborate with GCash and law enforcement authorities so they can go into more detail about what caused this issue.

What surprised many users was the fact that GCash is a relatively reliable company. During the Covid-19 pandemic, it gained a significant amount of users, which reached a total of 80 million, which are 83% adults, by March this year. Additionally, GCash doesn’t offer only its e-wallet service. It also comes with fintech solutions, such as insurance, loans, and investment. All of their services are developed by them, and they collaborate with third parties.

Is GCash Safe?

In the wake of the recent cyberattack on GCash, many users are looking for more secure alternatives. One contender that has caught the attention of many is Neteller, an international online money transfer service. As a veteran in the digital wallet industry, Neteller boasts advanced security measures, including 2-step authentication, anti-phishing tools, and identity verification procedures.

Given the recent events, many Filipinos may consider switching to or adding Neteller as an additional security layer for their online transactions. This might include shopping on international e-commerce sites, sending money abroad, gaming in the best Neteller casinos, or even just managing everyday expenses with more confidence in the funds’ security.

However, although GCash faced unauthorized transactions, the platform itself didn’t experience any system breaches. The company claims that the leading cause of this issue is due to users, not GCash vulnerabilities.

Unfortunately, many people are unaware of the phishing scams and mistakenly open links that seem like GCash sent them. Therefore, users mistakenly held GCash accountable for their financial losses. As a result, the platform is now facing reputational damage.

But, as GCash is a reliable company, they tried to raise awareness by organizing campaigns that should educate users and the public overall about the signs of phishing scams. GCash states that users must verify the authenticity of all websites they use, and if they’re unsure about something, they should contact them directly by using the official phone numbers and email addresses.

After this rocky journey GCash and its users have had over the last few days, the company’s primary goal these days is to teach its users how to protect themselves from being victims of such scams and reduce and avoid future similar attacks.