Do You Use Payment Apps (Gcash or Paymaya)

**BratPAQ** · May 9th, 2023 12:49 PM

Originally Posted by _Cathy_

I used to leave P10k but now P5k na lang. I'm not comfortable leaving over P20k in my gcash, kung prepaid, I won't leave a balance.

I checked my account okay naman

Sent from my SM-N960F using Tapatalk

Offline pa rin sa kin. Hindi ko alam kung nakuha na yung 90 pesos ko. [emoji23]

**shadow** · May 9th, 2023 02:06 PM

Originally Posted by glenn_duke

They were baited thru emails that being a loyal gcash user they were given gifts and ask to log in to claim their gifts. They will ask for the OTP to finalise redemption of your gift.

Since yesterday gcash now require to log in using face recognition no more pin, the hacker have change the pins of the compromised accounts.

I also received the spam email, its already a red flag because o it was sent to an email account I dont use for online banking.

Dapat lang para sa mga engot makuha pera nila sa gcash.

If sa mga senior nangyari I will understand pero pag sa mga working adult na adept sa internet saka lahing gumagamit ng socmed na mabiktima ng Phishing eh buti nga sa kanila.

Sent from my iPhone using Tapatalk

**dreamur** · May 9th, 2023 02:06 PM

I received a refund for food ordered (and eaten) last April 26 pa. Now the balance wouldn't show up on the app. [emoji848]

Click image for larger version.

Name: Screenshot_20230509_130358_GCash.jpg
Views: 0
Size: 40.0 KB
ID: 44015

Sent from my SM-S908E using Tsikot Forums mobile app

**_Qwerty_** · May 9th, 2023 02:34 PM

ganyan din sa akin.. PROCESSING.. lang nakalagay..

Originally Posted by dreamur

I received a refund for food ordered (and eaten) last April 26 pa. Now the balance wouldn't show up on the app. [emoji848]

Sent from my SM-S908E using Tsikot Forums mobile app

**_Cathy_** · May 9th, 2023 02:55 PM

That's weird. I took this SS now, okay naman gcash ko

Sent from my SM-N960F using Tapatalk

**_Qwerty_** · May 9th, 2023 02:56 PM

yup yung iba ok na, yung iba hindi pa din..

sa akin eto now..

pero i checked sa Globe One.. pag naka link yung gcash mo don, you can see the gcash balance.

Originally Posted by _Cathy_

That's weird. I took this SS now, okay naman gcash ko

Sent from my SM-N960F using Tapatalk

**Deestone** · May 9th, 2023 03:21 PM

I can access my gcash now they are now restoring it one by one.

**uls** · May 9th, 2023 05:02 PM

they're vigilant naman

**Walter** · May 9th, 2023 08:28 PM

They should be proactive and not reactive when it comes to cyber security ... if they foiled it ... how did they know how much the hackers tried to siphon? ...

**_Qwerty_** · May 10th, 2023 06:24 AM

How that GCash Hack Attempt Could Have Been Made >> YugaTech | Philippines Tech News & Reviews

Based on the actions made by GCash, the story seemed very plausible. Here’s our theory on how the attempt could have transpired.

1) The culprit (could be a group) has planned this for some time. They already have two bank accounts (East West Bank and Asia United Bank) on standby to receive the funds from multiple GCash transfers. Reports from TV Patrol totaled more than 300 complaints by 11am this morning.

2) Perpetrators routinely collect login information from random and unsuspecting GCash users using several phishing vectors — could be via email, SMS or social media. This usually happens when someone is fooled into clicking a link to manage their bank account, or in this case GCash.

The original deadline for the SIM Registration last April 26, 2023 could have added to the urgency and confusion, making people click on links that pertain to their SIM or to their GCash account. There were rounds of multiple posts on Facebook urging people to cash out their GCash funds or else they will not be able to access it after the deadline of the SIM Registration.

3) Instead of accessing and transferring compromised GCash accounts individually as they go, the culprits had the patience to simply collect all the accounts and wait for the right time to do everything all at once.

This coincides with the Php37 million figure that Inquirer pointed out.

If they did the transfers as they gained access to each GCash account, their continuous operations would have been detected eventually but the amount would have been smaller. Doing a sweep of hundreds or thousands of accounts in one single night is a much better approach. They know they will be detected and shut down (just like the many previous GCash hacks done by others) but the goal was to get as much money in as shortest time possible and hopefully get away with it.

4) Bypassing GCash security is the next obstacle. Either go by the MPIN + OTP route or the biometrics. Based on GCash’s response of disabling the biometrics login, that is the most likely route that was taken.

There are also claims circulating about an exploit on the GCash system that traces back as early as 2 months ago.

We don’t know the veracity of this claim, but it could be linked to the possibility of bypassing the security.

5) The bank transfers to East West Bank (ending 5239) and AUB (ending 3008) are probably dummy accounts or compromised accounts as well. They could just be pooling the funds here and then transfer it elsewhere where the money can no longer be traced or recovered.

This is the reason why GCash has, until the time of writing this story, suspended the Bank Transfer feature of the app.

6) GCash has publicly stated that all the funds are intact and will be returned to the owners. This coincides with Inquirer’s story. Meaning, GCash was able to immediately coordinate with East West Bank and AUB and freeze the two suspected accounts.

This is just a theory and how things could have transpired with the GCash incident. GCash has not made any definitive statement to address this except to reassure its customers that GCash is safe.