now loading...
Wealth Asia Connect Middle East Treasury & Capital Markets Europe ESG Forum TechTalk
TechTalk / Treasury & Capital Markets
Philippines’ biggest e-wallet hit by massive phishing attempt
GCash says funds remain intact and secure after thousands report unauthorized transfers
Patricia Chiu 10 May 2023

Thousands of mobile wallet users in the Philippines raised an outcry over unauthorized transactions from their accounts on Tuesday, prompting the country’s biggest digital payment app GCash to pause services for several hours to investigate what it described as a massive phishing attempt.

According to the affected users, amounts ranging from several hundred pesos to 50,000 pesos (US$897) were siphoned off their accounts, despite them not receiving a one-time password (OTP) to authorize the transfers. Users took to social media to report the separate incidents, and a pattern emerged that showed the funds were transferred to two distinct bank accounts, one in EastWest Bank and the other in Asian United Bank (AUB).

Following the restoration of the service, GCash released a statement saying it has “adjusted the e-wallets of all affected GCash users”. 

“Rest assured, your funds are intact, safe and secure with GCash. Our proactive cybersecurity policies are in place to protect our customers as the safety and security of your account is our top priority,” a spokeswoman for GCash says. 

However, the e-wallet, which has over 81 million customers, did not provide an explanation for how the attack was carried out, or why the transactions pushed through despite the lack of OTP. 

Security breach

In a television interview, a GCash executive denied that the e-wallet was hacked, and said instead that it was a massive phishing attempt which the e-wallet was able to prevent. 

Gilda Maquilan, vice president for corporate communications for GCash, says a link was sent out to the affected users. Upon clicking the link, users were redirected to a request to link a device to their GCash accounts. From that point on, user information was compromised. 

Meanwhile, EastWest Bank and AUB say they are independently investigating the security breach. Both banks are coordinating with GCash and law enforcement authorities to dig deeper into what exactly transpired. 

GCash, a wholly owned unit of the country’s largest mobile network Globe Telecom, enjoyed a massive boom in users during the early part of the coronavirus pandemic, when strict social-distancing measures were implemented in response to the health emergency.

From around 20 million users pre-pandemic, it now has over 80 million users or over 83% of the country’s total adult population by March 2023.  In addition to its original e-wallet service, it also now offers a full range of fintech solutions, including loans, insurance and investments, both developed in-house and offered in coordination with third-party partners. 

Conversation
Kelvin Lim
Kelvin Lim
executive director, syndicated finance
DBS
- JOINED THE EVENT -
In-person roundtable
Beyond Covid: Emerging trends in a changing lending landscape
View Highlights
Conversation
Munirah Khairuddin
Munirah Khairuddin
chief executive officer & country head
Principal Malaysia
- JOINED THE EVENT -
6th Global Islamic Finance Issuers and Investors Leadership Dialogue
Marking time as new opportunities emerge
View Highlights
TechTalk / Treasury & Capital Markets
Igloo adds partners to expand in Vietnam
TechTalk / Treasury & Capital Markets
Crypto spot ETFs to start trading in Hong Kong on April 30
TechTalk / Viewpoint
AI needs watchdog with enforcement powers
About Us Subscriptions Terms of Use Privacy Policy Contact Us
© 2024 Asset Publishing and Research Limited. All Rights Reserved.