The Department of Information and Communications Technology (DICT), together with the Cybercrime Investigation and Coordinating Center (CICC) and the National Telecommunications Commission (NTC), is currently investigating the unauthorized deductions on GCash accounts. The investigation aims to determine whether the incident was a result of a security breach or phishing attacks.
In a recent Laging Handa briefing, DICT Secretary Ivan John Uy shared that the department has received several complaints from different individuals regarding the issue. He added that they are trying to determine whether it was a breach, leak, hack, or phishing.
GCash, however, announced on Tuesday that the deductions were due to phishing attacks on its users. Cybercriminals allegedly acquired login credentials of GCash users to access their accounts. An investigation conducted during scheduled maintenance found no evidence of hacking, it said. Any deduction from a GCash account was to be adjusted before 3 p.m. that day.
If the DICT’s investigation finds lapses in GCash’s security, recommendations will be made to improve its cyber-security infrastructure and personnel to ensure the public’s safety.
For users affected by similar attacks, he advised filing a claim for lost funds with GCash. If the loss was GCash’s fault, they should pay for it. But if it’s because of user actions, GCash has no responsibility since it was the user who gave access to an unauthorized person.
The investigation is ongoing, and the public is advised to remain vigilant and take necessary precautions to protect their online accounts from unauthorized access.