In the recent past, text scammers would claim to be an OFW relative using their new roaming number and ask for prepaid load, or pretend to mis-send load credits and ask you to return them. While we still get our share of text scams from time to time, a lot of us already associate these messages with fraud and simply ignore them.

But as the use of e-wallets and online payment channels have become increasingly popular and indispensable, scams have evolved to be much more sophisticated. A common scam is done through phishing, wherein a fraudster gathers personal information like MPINs and OTPs, and uses this to gain access to accounts and steal the funds of the user.

Targeting users of leading e-wallet platforms, phishing scams happen not just through text messages, but also through call and social media platforms. While trusted financial institutions such as GCash double up on their security measures through security features such as DoubleSafe Face ID against cybercrimes, it is also helpful to be aware of new scams, how they work, and warning signs to catch them early. Here are common phishing scams e-wallet users should look out for:

‘Magtop-up para sa online gambling’ phishing scam

It’s very tempting to earn extra income while having fun, but that could be the opposite if you find yourself a victim of scammers that pose as online gambling sites. This phishing scam involves fraudsters leading players to a non-PAGCOR licensed gaming provider, where they will be asked to ‘top-up’ using a fake GCash portal, often using the same layout, color and logos, to retrieve credentials and access the victim’s account.

How do you spot this?

When you create an account with suspicious gambling sites, you will be given the option to use your GCash account so you could top up your account. You will be redirected to a fake website that looks like a GCash portal, and will be prompted to enter your mobile number, OTP and MPIN. Once you’ve provided your information, hackers will now be able to access your account.

How could you stop this?

Remember that GCash will never send links via SMS, email and messaging apps and all legitimate rewards and promos will only be communicated through the official GCash app, so never click on links and never share your MPIN and OTP to anyone. Always make it a habit to check any SMS or email you receive. Any communication from an unexpected or unfamiliar sender with an offer that’s too good to be true is usually a phishing scam.

Cybercriminals will continuously find ways to become more creative with their tactics and remain unsuspicious and realistic. Even if you might think you are not worthy of being the target of online predators, being a technology user will always put you as a potential target of any attack, especially if you’re one of the millions of user base of a leading e-wallet app like GCash.

Fortunately, you have one of the best defenses against any phishing scam: you. Now that you are aware of how common phishing scams work, doing your part to protect your e-wallet account only takes a simple action: Do not ever share your MPIN and OTP.

If you encounter phishing scams and fraudulent activities targeting your GCash account, you may report by visiting the official GCash Help Center at help.gcash.com/hc/en-us or messaging Gigi on the website and typing, “I want to report a scam.”