Many GCash accounts were sending small amounts or transfers to only two bank accounts - one in East West Bank and one in AUB.
The good thing is, GCash detected and stopped the unauthorized transfers.
But how did this happen?
A thread 🧵
As a heavy GCash user, I asked a lawyer friend who specializes in Fin Tech to know what really happened and if it’s still safe to use GCash. This is what he said:
1. GCash was not hacked. Most if not all of the accounts involved were accounts that had been victims of phishing.
Phishing is the use of fake news articles or other baits to trick victims into clicking on a malicious link where one’s data is fished.
In the case of today’s phishing attempt, most accounts involved those who were active in online game links or casinos.
Have you seen ads from emails or websites that tease you to play a slot machine or a game to bet on? Recently, that is a common avenue for phishing attempts - where they can get your mobile number and PIN.
So DON’T CLICK on random links from sources you don’t know or trust. Always be skeptical of links in emails or other websites. Click only if you know what you’re clicking and never share your mobile number or PIN in exchange for any “online reward.”
2. GCash is secure because it can detect patterns and assess whether transactions are actually genuine or not.
This includes detecting if your GCash account is being logged in to a new device, suspicious multiple transfers to a single account (like what happened today), etc.
3. GCash handles millions of accounts and billions of pesos. The accounts that were compromised today don’t even number in the millions
4. It’s easier to return any stolen amount if it’s transferred to a bank account because the identity should be known to East West Bank and AUB
Personally, I’ve been using GCash for 3 years now and I have not encountered any security issue or unauthorized transfers.
I would like to think that’s because I’m very skeptical of any links or phishing attempts and I always double check my GCash transactions and…
…regularly update my security settings - from PINs to OTPs to biometrics.
This doesn’t mean everything is perfect and nothing bad can happen to GCash or to my own account.
But the safety and security of GCash is like any other online bank or credit card…
… - if you’re details are phished, it’s easy to be a victim of unauthorized transactions.
So for today, the lesson I get from my Fin Tech lawyer friend is to AVOID getting PHISHED.