gcash hack

After a couple of weeks of investigation by the National Privacy Commission (NPC), it was independently concluded that the widespread fraudulent transactions with GCash last May 8 was due to phishing exploits on unsuspecting GCash users. Overnight, more than 300 people reported that their GCash accounts made unauthorized transfers to two bank accounts from East West and AUB. The following day, GCash confirmed that indeed there were repeated/unusual transactions in their system that triggered internal systems and immediately coordinated with the affected bank to freeze the accounts. GCash has likewise assured the public that there was no hacking involved and that there was "no fund loss" on the part of the customers. That same day, we posited a theory that all these incidents were just a carefully planned and well-coordinated attempt to simultaneously execute the transfers from phished accounts in order to make it look like a hacking incident. The NPC investigation will finally close any and all suspicions about the GCash incident. GCash has also finally revealed, thru the NPC report, that two gambling sites were primarily involved in the phishing expedition -- Philwin and tapwin1.com. A quick check at their FAQ also showed they're actively using GCash to top up and withdraw money from users. Read more in our articles including "Gambling sites, apps used for phishing scam on GCash" and "GCash lost money from recent fraud - BSP".