Users of e-wallet platforms and online payment channels need to watch out for phishing scams that are getting more complicated, according to an electronic payment firm.

While e-wallet companies claim to double security measures through new features, they still expect users to be aware of the inventive breaches fraudsters use to obtain their personal information.

“Cybercriminals will continuously find ways to become more creative with their tactics and remain unsuspicious and realistic,” mobile payment service GCash said in a statement on Thursday.

“Even if you might think you are not worthy of being the target of online predators, being a technology user will always put you as a potential target of any attack,” it added.

“Doing your part to protect your e-wallet account only takes a simple action: Do not ever share your MPIN [mobile banking identification number] and OTP [one-time pin].”

On May 8, GCash customers reported unauthorized deductions from their digital wallets. After it received user complaints, GCash announced that any deduction from an account would be adjusted.

According to the National Privacy Commission, a meticulous phishing scheme through online gambling websites was to blame for these.

The TransUnion report said that about 71% of Filipinos surveyed in the fourth quarter of last year said that they had been targeted by digital fraud attempts across various communication channels. Among all those surveyed, 11% fell victim to such attempts during the same period.

Phishing and smishing (both at 46%) were the most commonly reported fraud schemes experienced by Filipino consumers, followed by third-party seller scams (33%) and identity theft (25%).


GCash has identified rampant phishing scams, its key characteristics, and pertinent reminders the public should be aware of.

Scammers have started disguising themselves as online gambling sites asking people to ‘top-up’ their credits using a fake yet believable e-wallet portal, getting the user’s credentials and accessing their account.

These suspicious gaming providers are not licensed by the Philippine Amusement and Gaming Corporation or PAGCOR.

Users are transported into a portal with a series of numbers in the beginning, misspelled words, and extra characters.

Users are advised to always check the URL or name of the link to make sure they are in a legitimate portal. These usually start with https:// and end in the official website address of the provider.

Another phishing scam involves scammers pretending to hail from legitimate financial institutions and making up negative consequences to encourage users to immediately give their sensitive information.

The scammer will hurriedly contact the user via phone call or message claiming to be an employee of the financial institution, informing them that their account is on hold or frozen until they release personal details.

E-wallet services will never ask you to activate your account through any other channel than their own.

Moreover, scammers have also started sending out text messages and emails with a seemingly legitimate link to gain the user’s credentials and access to their account.

These are being done in the form of ‘cashback’ or ‘raffle prizes’ where the user is invited to divulge their information to claim their ‘reward.’

“Any communication from an unexpected or unfamiliar sender with an offer that’s too good to be true is usually a phishing scam,” GCash said.

Any fraudulent activities targeting the user’s e-wallet account must be reported to the official help center of the service provider. — Miguel Hanz L. Antivola