As GCash acceptance grows larger, the incentive for bad people to take advantage of other people also becomes bigger. Scams are definitely easier to spread around now, as it’s easy to take advantage of technology. Oftentimes scammers can use different channels like SMS, social media, email, or chat apps to contact their victims. Digitization makes life easier for everyone, apparently even scammers.
Types of GCash Scams
Scams generally take advantage of fear and misdirection. In most cases, these are “phishing” scams — they trick the user into giving up the three pieces of personal information they need to hijack a user’s GCash account. These three pieces are:
- GCash account number or your mobile number
- OTP / One-time-password sent to your mobile number
Some examples of scams are:
1. Email / SMS Phishing Scams
This type of scam is widespread, as it’s relatively easy to send a single message to multiple people at the same time. This message typically takes advantage of the fear or the greed of a user, using language that makes you paranoid or hasty. In turn, you give away your information unwittingly.
Examples of email/SMS phishing scams that takes advantage of fear and paranoia can be:
Here are examples of emails/SMSs that appeal to a user’s greed:
Typically the scammer can also spoof/forge the sender’s email address or mobile number so that you think the message came from GCash. The message would typically also have a button or link that redirects you to a form where you input your information.
2. Messenger / Chat Phishing Scams
This is popular with unwitting victims in social media platforms like Facebook, Twitter, etc. The scammer typically uses the private messaging function of the platform to contact victims and take advantage of their vulnerability.
Some modus includes joining a Facebook group for GCash users, and looking for users who have issues with their accounts. They then impersonate GCash Support, take the user’s information and hijack the user’s account.
However these are easy to spot for more circumspect people because of the large amount of grammatical errors these scammers use. They are also not very good in English, which when compared to an actual support agent, they would come off as impostors or amateurs at best.
I’ve also delved about this same topic in this post.
An example of this can be:
3. KKB Scams
These scams involve the use of KKB, which is a GCash feature that allows a person to request money from multiple people. This scam is easier to perform as it does not need the user to give up his information and the scammer does not need to do a lot of technical stuff. The victim just needs to confirm the KKB request and send the money for the scam to succeed.
A common way scammers use this method is via “loan” requests. They prey on a person’s need or greed. Oftentimes the user needs to borrow money or he needs to join an “investment” and the scammer takes advantage by asking for collateral via the KKB feature. After he gets the collateral, the scammer does not reply to the borrower anymore.
Recent updates to the KKB feature make the scams harder to pull off as you now need to be Fully Verified to use KKB, and you need OTP to be able to send money via KKB.
Here is an example of a KKB request that is likely a scam:
4. SIM Swap Scam
This scam revolves around replacing the SIM card used by the victim using personal information also from the victim. Banks have had advisories regarding this particular scam, like in BDO for instance:
The scammer first gets personal information from the victim via call or chat, impersonating a telco support person. He then uses this information to then impersonate the victim and request for the disconnection of the victim’s phone line. He can then request for a replacement of the SIM card by presenting valid documents in the actual telco store.
Once he has the SIM card, he would have access to the victim’s one-time-password (OTP) functions of majority of apps, including financial and banking apps. For GCash, the only thing that he would need is the MPIN. He can again impersonate the victim by filing a ticket in GCash Support. Or he can also take a guess of MPIN as a lot of MPINs are actually birthdays or something as simple as “1111”.
This definitely involves the most preparation, but the payoff is also huge as the scammer will be able to take over all of your online apps and perhaps all of your money as well.
How to Prevent Becoming a Scam Victim
Hopefully the examples above would inform us of the different types of scams and would give us a familiar look when we do receive similar messages. The main way of being vigilant is to be critical of anything that is asked of us in all types of correspondences.
Also, we should remember that MPINs are private and no one, not even GCash personnel would ask this of you. Most of the time you would be contacting GCash Support and it’s not them contacting you.
If you are taken to an external site, always check the domain of the site itself if it seems legit or not. But the bottomline is, if you are not comfortable providing your information, then don’t proceed with sharing of any kind.
What do I do if I got scammed?
You can immediately report it to GCash Support, and have your account frozen before anything else. However, the chances that you would be able to retrieve your funds are low. What GCash would do is most likely they would be blacklisting the number so that they won’t be able to do any more scamming activities.
Can I report this as a Customer Protect case?
It depends on the circumstances. However you should first report at as soon as possible with as many pieces of evidence as you can.
How do I trace a scammer?
Once a scammer gets a hold of your account, he will be transferring funds from your wallet to his. You should be able to get SMS receipts of fund transfers and purchases he may have done using your account.
How do I get my money back from the scammer?
Realistically, the chances are bad that you will be able to get your funds back. If the scammer is an experienced one, he would have transferred his funds to dummy accounts after getting the funds from you.
However, if your case falls under Customer Protect, you may get at least a portion of your funds back.
How do I file a complaint with GCash Support?
You can either file a ticket from within the GCash Help Support in the app, or you can also accomplish this form. I recommend you add as many pieces of evidence as you possibly can.
Today’s widespread use of technology also makes it easier for scams to propagate. Typically victims are scammed via phishing using email or SMS, or through social media platforms like Facebook. However for GCash, KKB scams are also common.
To prevent scams, it is best to always question if the information we are giving out is warranted. GCash support will never ask for your MPIN.
If you’d like to learn more about GCash, I created a how-to on the basics of GCash.
Here is a list of links if you’re interested in the main GCash features: