Detecting Deceptive Scams in GCash

As GCash acceptance grows larger, the incentive for bad people to take advantage of other people also becomes bigger. Scams are definitely easier to spread around now, as it’s easy to take advantage of technology. Oftentimes scammers can use different channels like SMS, social media, email, or chat apps to contact their victims. Digitization makes life easier for everyone, apparently even scammers.

Types of GCash Scams

Scams generally take advantage of fear and misdirection. In most cases, these are “phishing” scams — they trick the user into giving up the three pieces of personal information they need to hijack a user’s GCash account. These three pieces are:

  • GCash account number or your mobile number
  • MPIN
  • OTP / One-time-password sent to your mobile number

Some examples of scams are:

1. Email / SMS Phishing Scams

This type of scam is widespread, as it’s relatively easy to send a single message to multiple people at the same time. This message typically takes advantage of the fear or the greed of a user, using language that makes you paranoid or hasty. In turn, you give away your information unwittingly.

I wrote a blog post before that entails how a scammer can utilize this method. This has become such a huge problem that many banks have done away with clickable links in messages altogether.

Examples of email/SMS phishing scams that takes advantage of fear and paranoia can be:

Here are examples of emails/SMSs that appeal to a user’s greed:

Typically the scammer can also spoof/forge the sender’s email address or mobile number so that you think the message came from GCash. The message would typically also have a button or link that redirects you to a form where you input your information.

2. Messenger / Chat Phishing Scams

This is popular with unwitting victims in social media platforms like Facebook, Twitter, etc. The scammer typically uses the private messaging function of the platform to contact victims and take advantage of their vulnerability.

Some modus includes joining a Facebook group for GCash users, and looking for users who have issues with their accounts. They then impersonate GCash Support, take the user’s information and hijack the user’s account.

However these are easy to spot for more circumspect people because of the large amount of grammatical errors these scammers use. They are also not very good in English, which when compared to an actual support agent, they would come off as impostors or amateurs at best.

I’ve also delved about this same topic in this post.

An example of this can be:

3. KKB Scams

These scams involve the use of KKB, which is a GCash feature that allows a person to request money from multiple people. This scam is easier to perform as it does not need the user to give up his information and the scammer does not need to do a lot of technical stuff. The victim just needs to confirm the KKB request and send the money for the scam to succeed.

A common way scammers use this method is via “loan” requests. They prey on a person’s need or greed. Oftentimes the user needs to borrow money or he needs to join an “investment” and the scammer takes advantage by asking for collateral via the KKB feature. After he gets the collateral, the scammer does not reply to the borrower anymore.

Recent updates to the KKB feature make the scams harder to pull off as you now need to be Fully Verified to use KKB, and you need OTP to be able to send money via KKB.

Here is an example of a KKB request that is likely a scam:

4. SIM Swap Scam

This scam revolves around replacing the SIM card used by the victim using personal information also from the victim. Banks have had advisories regarding this particular scam, like in BDO for instance:

The scammer first gets personal information from the victim via call or chat, impersonating a telco support person. He then uses this information to then impersonate the victim and request for the disconnection of the victim’s phone line. He can then request for a replacement of the SIM card by presenting valid documents in the actual telco store.

Once he has the SIM card, he would have access to the victim’s one-time-password (OTP) functions of majority of apps, including financial and banking apps. For GCash, the only thing that he would need is the MPIN. He can again impersonate the victim by filing a ticket in GCash Support. Or he can also take a guess of MPIN as a lot of MPINs are actually birthdays or something as simple as “1111”.

This definitely involves the most preparation, but the payoff is also huge as the scammer will be able to take over all of your online apps and perhaps all of your money as well.

How to Prevent Becoming a Scam Victim

Hopefully the examples above would inform us of the different types of scams and would give us a familiar look when we do receive similar messages. The main way of being vigilant is to be critical of anything that is asked of us in all types of correspondences.

Also, we should remember that MPINs are private and no one, not even GCash personnel would ask this of you. Most of the time you would be contacting GCash Support and it’s not them contacting you.

If you are taken to an external site, always check the domain of the site itself if it seems legit or not. But the bottomline is, if you are not comfortable providing your information, then don’t proceed with sharing of any kind.

What do I do if I got scammed?

You can immediately report it to GCash Support, and have your account frozen before anything else. However, the chances that you would be able to retrieve your funds are low. What GCash would do is most likely they would be blacklisting the number so that they won’t be able to do any more scamming activities.

Can I report this as a Customer Protect case?

It depends on the circumstances. However you should first report at as soon as possible with as many pieces of evidence as you can.

How do I trace a scammer?

Once a scammer gets a hold of your account, he will be transferring funds from your wallet to his. You should be able to get SMS receipts of fund transfers and purchases he may have done using your account.

How do I get my money back from the scammer?

Realistically, the chances are bad that you will be able to get your funds back. If the scammer is an experienced one, he would have transferred his funds to dummy accounts after getting the funds from you.

However, if your case falls under Customer Protect, you may get at least a portion of your funds back.

How do I file a complaint with GCash Support?

You can either file a ticket from within the GCash Help Support in the app, or you can also accomplish this form. I recommend you add as many pieces of evidence as you possibly can.

Summary

Today’s widespread use of technology also makes it easier for scams to propagate. Typically victims are scammed via phishing using email or SMS, or through social media platforms like Facebook. However for GCash, KKB scams are also common.

To prevent scams, it is best to always question if the information we are giving out is warranted. GCash support will never ask for your MPIN.

If you’d like to learn more about GCash, I created a how-to on the basics of GCash.

Here is a list of links if you’re interested in the main GCash features:

2 thoughts on “Detecting Deceptive Scams in GCash”

  1. hello, gcash scam security,
    I would like to report the person name JADE DACAYO GCASH account number is 09356178065 . He is using fb account profile picture to use it to pretend she is your friend requesting money, I got scam this person today June 2, 2022 , in the amount of 10,000 pesos.
    I would like to request to your office to investigate this situation, and please hold the money
    of 10,000 pesos ,so that she cannot withdraw it right away. I am here in canada i sent this money thru RIA money remittance here in canada, the money went thru to metropolitan
    bank & trust company, paying agent, gcash metro manila NCR, 6393561478065.
    I hope you will give a rapid action this kind of scam.

    thank you,
    Archie

    Reply

Leave a Comment