GCash has finally made a full explanation about the recent unauthorized transactions that happened last ay 8, 2023.
This explanation is very similar to the theory we provided earlier this week (How that GCash Hack Attempt could have been Made 43) sans the DeathNote link.
Technically, the “phishing activity” was already accomplished way before this week’s incident. There was indeed an actual transfer of funds from victims’s GCash account into the two bank accounts from East West Bank and Asia United Bank (AUB).
East West Bank has made an statement that their Fraud Team discovered the fund transfers. Money from those GCash transactions actually went to an East West Bank account and they immediately froze it.
On the other hand, AUB also confirmed that some funds were also transferred to one of their bank accounts after GCash notified them.
GCash further explains that these transactions were “illegally” authorized but thru an external system that provided the correct credentials (via MPIN and OTP). Hence, these transactions went thru the system and funds were actually transferred from GCash to the two banks.
However, since this was discovered early and both East West and AUB were alerted right away, the target bank accounts were frozen right away and funds could be returned to the respective GCash users.
What was not divulged here was the exact vector where the credentials came from. What it a fake website, a 3rd party app or something else. There’s also no lead yet as to who the perpetrators are behind this attempt.
YugaTech.com is the largest and longest-running technology site in the Philippines. Originally established in October 2002, the site was transformed into a full-fledged technology platform in 2005.
How to transfer, withdraw money from PayPal to GCash
Prices of Starlink satellite in the Philippines
Install Google GBox to Huawei smartphones
Pag-IBIG MP2 online application
How to check PhilHealth contributions online
How to find your SIM card serial number
Globe, PLDT, Converge, Sky: Unli fiber internet plans compared
10 biggest games in the Google Play Store
LTO periodic medical exam for 10-year licenses
Netflix codes to unlock hidden TV shows, movies
Apple, Asus, Cherry Mobile, Huawei, LG, Nokia, Oppo, Samsung, Sony, Vivo, Xiaomi, Lenovo, Infinix Mobile, Pocophone, Honor, iPhone, OnePlus, Tecno, Realme, HTC, Gionee, Kata, IQ00, Redmi, Razer, CloudFone, Motorola, Panasonic, TCL, Wiko
Best Android smartphones between PHP 20,000 - 25,000
Smartphones under PHP 10,000 in the Philippines
Smartphones under PHP 12K Philippines
Best smartphones for kids under PHP 7,000
Smartphones under PHP 15,000 in the Philippines
Best Android smartphones between PHP 15,000 - 20,000
Smartphones under PHP 20,000 in the Philippines
Most affordable 5G phones in the Philippines under PHP 20K
5G smartphones in the Philippines under PHP 16K
Smartphone pricelist Philippines 2024
Smartphone pricelist Philippines 2023
Smartphone pricelist Philippines 2022
Smartphone pricelist Philippines 2021
Smartphone pricelist Philippines 2020
Anthony Abayon says:
Diko alam na ganito sana mabalik pira ko
JohnnyB says:
I do believe information from victims were gather through phishing. However as mention in the article there are still unanswered question. While the victim phone and MPIN where gather and if including OTP, does this mean their number was cloned? were there OTP indeed sent? Doesn’t gcash tokenized each transaction? While phishing is part of the modus, I strongly believe that a security hole was exploit, could be through gcash app path or if it’s through a 3rd party app.