Were the Unauthorized GCash Transactions Due to a Security Breach?

The unauthorized GCash transactions impacted several users, amounting to millions of pesos cumulatively. We delve into what happened and how you can protect your finances.

With over 79 million GCash users to date, GCash has been the top-of-mind choice for Filipinos when it comes to getting prepaid load, paying bills at over 1,600 partner billers nationwide, purchasing from over 5.2 million partner merchants and social sellers, getting access to savings, credit, loans, insurance, and even investing money, among others—all of which can be done at the convenience of their smartphones.

However, just recently, many users found themselves facing an app that was not working. What’s more, some reported losses in their GCash accounts, thereby causing mass panic.

According to a report by ABS-CBN News, National Privacy Commission (NPC), specifically Complaints and Investigation Division Chief Atty. Michael Santos assured the public that there was no security breach. What’s more, he said that GCash was told to improve and strengthen its security measures so that such incidents will not happen again. 

The Complaints and Investigation Division Chief also pointed out that GCash may still have to answer to —even if the incident was not caused by a security breach.

The Root of the Unauthorized Transactions

Weeks after over 300 unauthorized transfers were made from several GCash accounts, the public has received an assurance that the incident was not due to a security breach. Instead, it is more likely that it was a phishing attempt.

“The incidents appeared to originate from a modus where those in the gambling site were made to believe they were reloading credits when in fact they were adding another device,” a report from ABS-CBN News states.

Atty. Santos further explained the users may have thought that they were entering the one-time PIN (OTP) in order to load their accounts without realizing they were actually adding another device instead. 

GCash, EastWest Bank’s Response to the Unauthorized Transactions

GCash has already assured the public that its systems were not hacked, according to a report by the Inquirer. It has also assured the affected users that, despite the unauthorized transactions that amounted to millions in pesos in total, there was “no fund loss.” 

As the unauthorized transactions were made by an East West Banking Corporation account ending in 5239, the bank has said that it is cooperating with authorities. The bank likewise said that it “immediately acted” on the reports and launched an internal investigation, according to Philstar Life

How to Protect Yourself from Phishing Attempts

Phishing is defined as “a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords.” Unfortunately, it has become more rampant these days as our country digitizes more and more. 

The government is well aware of the problem, as it has been initiating efforts such as sim card registration in order to combat scammers and other phishing attempts. Meanwhile, GCash itself has introduced an added security feature on its part, too.

Given what has happened, the general public can defend itself from phishing scams by doing some practical security measures such as using multi-factor authentication, backing up your data, and using security software. 

It is also important to be critical of all links you receive whether via email or text message. Always remember not to click links unless you are 100% certain that it is legit and coming from the official communication channels of the company you’re dealing with.