According to the National Privacy Commission (NPC), which conducted an investigation on the “missing funds” of some GCash users, reports of unlawful withdrawals from the e-wallet company were caused by phishing attempts.
Phishing is the practice of tricking someone into disclosing sensitive information, either by asking them to enter personal information into phony websites or applications or by secretly installing spyware — a sort of harmful software that steals sensitive information — on their computers.
The report, which was shared earlier this week, dispelled prior claims of some quarters that the online platform had been hacked.
A mobile phone with the GCash app (IMAGE CREDIT: www.gcash.com)
The data privacy watchdog also stated that this was based on an independent investigation it started last May 9 to ascertain the scope of the reported unlawful withdrawals and assess whether personal data had been stolen. The NPC was also looking into potential violations of the Data Privacy Act of 2012 and other infractions by GCash.
In a press statement, NPC Commissioner John Henry Naga said, “After a careful investigation, we have determined that the unauthorized transactions in GCash accounts were the result of a meticulous phishing scheme. Unknown threat actors exploited unsuspecting GCash customers by launching a phishing campaign that uses online gaming websites like ‘Philwin’ and ‘tapwin1.com.”
The NPC further stated that it was dedicated to encouraging a safe and secure online environment for all Filipinos, but it cautioned everyone to be on the lookout for phishing scams.
How it began: reports of unauthorized deductions
Nearly three weeks ago, reports of unauthorized deductions appeared on social media, causing public outrage and feeding anxieties about the security of utilizing the well-known e-wallet platform, which has 81 million users.
GCash claimed that after realizing this, it took action and extended the time allotted for its scheduled maintenance, which adversely affected millions of Filipinos who depended on the app for everyday commutes, bill payments, and even online shopping.
According to a senior official from Globe who spoke on condition of anonymity, the total amount of questionable transactions was first assessed to be P37 million.
The same representative said they observed a series of “suspicious” transactions being transferred from GCash to just two accounts — one at East West Bank and the other at Asia United Bank— which led to the firm issuing a freeze order.
Since then, GCash has released a statement blaming phishing attacks and warning that some users may have unintentionally provided their personal information to dubious websites posing as well-known companies or organizations. The company said that within 24 hours, it was able to restore the impacted clients’ original account balances.
More security measures put in place
In order to stop a repeat of the occurrence, GCash said that it has implemented more security measures to stop hackers from unauthorized account takeovers. In a statement, the e-wallet company claimed that all of its verified users already have access to the “DoubleSafe” Face ID feature.
Every time a user logs in for the first time on a new device, it is active. It is supported by facial recognition and prohibits hackers from accessing the account even if they have the user’s mobile PIN and one-time PIN.
According to Pebbles Sy, chief technology and operations officer of GCash, “The face recognition feature is integrated into the app and doesn’t require high-end smartphones. Given the frequency of phishing efforts outside of the app, we made sure that every one of our verified user bases would have access to this security feature.”
In addition, GCash claimed that it has been thwarting accounts and websites that have been detected engaging in fraudulent behavior, such as phishing.
The e-wallet service provider reported that in the first four months of this year, it had blocked 3.1 million accounts, 722 phishing websites, and 38,000 illicit social media posts.