The Bangko Sentral ng Pilipinas (BSP) confirmed that the recent GCash incident of unauthorized fund transfers was the result of a phishing attack, rather than hacking. While the affected users had their money returned, a portion of the stolen funds remains unrecovered, said the central bank.
BSP Governor Felipe Medalla emphasized the need for vigilance and urged users to refrain from sharing their one-time passwords (OTPs). It is, after all, the last line of defense against such scams.
Fraudsters behind the GCash phishing incident successfully tricked victims into revealing their OTPs, according to BSP Governor Felipe Medalla. Speaking at the 23rd Financial Stability Board-Regional Consultative Group in Asia Meeting in Mactan, Cebu, Medalla clarified that this was not a hacking incident but rather a case of scammers exploiting users’ greed and trust.
Medalla acknowledged that the security features of local digital payment platforms, including GCash, are generally satisfactory. However, he highlighted the importance of user awareness and cautioned against falling for the tactics employed by scammers. Sharing insights, he stated, “The scammers will use your own greed… The only way that will happen is if there’s somebody talking to you on the other side that’s very convincing.”
When the GCash authorities detected the scam, a significant portion of the stolen funds remained in two bank accounts. GCash promptly traced these accounts, with Asia United Bank and East West Banking Corp. freezing the involved accounts. As a result, approximately 80 percent of the stolen amount has been successfully returned to GCash users.
The GCash phishing incident has shed light on the importance of user vigilance in protecting personal financial information.
Looking ahead, the BSP is now focused on investigating the legal liability of the owners of the bank accounts that received the unauthorized fund transfers.