MANILA, Philippines – A fraudster was behind the anomalous transactions that affected the accounts of multiple GCash users the past two days, according to initial investigations.

GCash examined the logs of the actions of the fraudster and found that a link was sent out to several users. Those who clicked on it would receive a request to link a device. From that point on, the fraudster was able to phish information from customers. 

“When they were able to access the link, information from their device were phished. ‘Yun ‘yung phishing natin (That’s what we call phishing). Any activities from then on, nakikita ng ating mga fraudster (the fraudster could see). Ang ginawa niya (What he did was), he requested to link a device,” Gilda Maquilan, vice president for corporate communications of GCash, told the ABS-CBN News Channel (ANC) on Wednesday, May 10.

“When you were able to link that, you can make your transaction. ‘Yun naman ‘yung ating (That’s the) regular process to access the GCash. You have to have the MPIN, and you have to have the OTP, which the fraudster was able to acquire,” she explained in the interview on ANC’s Headstart.

Maquilan also confirmed that there was “definitely no hacking.” The impact would have been bigger had there been a hacking incident, she said. As it stands, less than a thousand users of GCash’s 81 million customer base was affected, although Maquilan declined to give an exact figure given that the investigations were still ongoing.

Several GCash users complained about deductions to the balance of their accounts on Monday, May 8. Affected users reported that funds were transferred from their accounts to accounts in EastWest Bank and Asia United Bank (AUB).

Following this, GCash conducted a “preventive maintenance” to investigate the complaints and restore the account balances of affected users. During this period, the app remained inaccessible for several hours. The app was back online in the afternoon of Tuesday, May 9.

Maquilan explained that although funds were indeed transferred from the accounts of some users to other banks, the money remained “intact” because GCash managed to trace and return amounts back to customers.

“When we mentioned that no funds were lost, the money is intact, because we were able to trace kung nasaan ‘yung pera (where the money is). It was intact doon sa partners natin (with our partners),” Maquilan said. “Because of our safety protocol and coordination with the bank, naibalik ‘yan (the money was returned). ‘Yun po ‘yung meaning namin na (That’s what we mean by) the money was intact.”

EXPLAINER: What is digital fraud and how do you protect yourself from scams?

Following the incident, GCash underscored that it was “safe,” even as it continues to battle fraudsters and scammers. Maquilan also mentioned that bad actors were taking advantage of the recently extended SIM registration.

“Meron tayong (We had a) deluge of text messages. Even the fraudster took advantage of our SIM registration. Not only that, there are also merchant sites that say they are a certain brand. So, when you do your transaction there, hindi mo alam na meron na palang phishing na nagaganap (you don’t realize that phishing is already occurring),” Maquilan said.

(READ: Marcos signs SIM Card Registration Act. Will it really stop scammers?)

Maquilan said that GCash continues to upgrade its security mechanisms and technologies, including its launch of its “double safe” feature. In addition to requesting an OTP and MPIN when linking a device, the app may also request users to pass a facial recognition test.

“Ang kalaban natin ay scammer and fraudster, at hinuhuli po natin ‘yan. We work closely with PNP [Philippine National Police] and NBI [National Bureau of Investigation], at meron po kaming nahuhuli. So ‘yung mga fraudster and scammers na ‘yan, we will really run after you,” she said.

(Our real enemies are scammers and fraudsters, and we’re going after them. We work closely with the PNP and NBI, and we’re able to catch some of them. So, to those fraudsters and scammers, we’ll really run after you.)

In a separate statement, Globe reported that it had blocked 4.07 million malicious bank-related messages in the first quarter of the year, 2.7% higher than the number of malicious messages from the previous year. In the span of a year, Globe blocked 85 million bank-related spam and scam messages, which formed part of the record-high 3 billion scam and spam messages filtered by the telco between January 2022 and January 2023. – Rappler.com