GCash attack was 'meticulous phishing': Privacy watchdog


Posted at May 24 2023 05:12 PM

MANILA — The recent unauthorized transactions involving e-wallet GCash accounts were the result of a "meticulous phishing scheme" through gambling websites, the National Privacy Commission said on Wednesday.

This was the result of the NPC Complaints and Investigation Division's (CID) investigation on the attack which involved hundreds of users and allegedly netted millions of pesos.

“Upon our thorough investigation, we have determined that the unauthorized transactions in GCash accounts were a result of a meticulous phishing scheme,” said Privacy Commissioner John Henry D. Naga. 

"Unknown threat actors took advantage of vulnerable GCash users, triggering the phishing scheme through online gambling websites such as 'Philwin' and 'tapwin1.com'," Naga added. 

On May 12, NPC said it held a clarificatory meeting with G-Xchange Inc. GXI on May 19 submitted the other documents requested by NPC.

Some users earlier urged GCash to provide detailed information about the incident to regain public trust. GCash said it has about 81 million customer base

The NPC, meanwhile, assured the public that it is committed to exercising its mandate of protecting the data of Filipinos.

"We assure the public that the National Privacy Commission remains resolute in its mandate to safeguard the rights of data subjects and protect personal information. We will employ the full extent of our powers under the law to penalize those who violate the Data Privacy Act of 2012,” Naga said.

NPC urges the public to remain vigilant against phishing attacks and to adopt the best practices in protecting their personal information.

- with a report from Jacque Manabat, ABS-CBN News


Watch more News on iWantTFC