“Na-’hack’ ako!” – This has become a common catchphrase for the increasing number of people finding unauthorized transactions on their e-wallets and bank accounts. This comes as no surprise because according to the Cybercrime Investigation and Coordinating Center, cybercrimes increased by 152% in the first half of 2023 compared to the same period last year, and the popularity of e-wallets have made it an easy target for criminals.
However, the term ‘hacking’ is often confused with “phishing”, another notoriously common type of cybercrime activity. While both end in malicious individuals gaining control over a user’s account, it’s critical for users to know the difference to better protect themselves.
What is Phishing?
Phishing is a kind of cyber attack wherein cybercriminals pretend to be a legitimate source to trick users into giving personal information to gain access to accounts and steal the funds. For e-wallets, fraudsters may call or send a message via email, SMS or social media platforms pretending to be an employee or a company representative to get the victim’s Mobile Personal Identification Number (MPIN) and One-Time Password (OTP) or authentication code.
What is Hacking?
Hacking refers to an unauthorized attempt by a criminal to access sensitive information on a device or network. This is done by taking over a system through force or sophisticated methods.
What’s the difference?
Both phishing and hacking involve unauthorized ways of gaining sensitive information, but they are being done differently. In hacking, cybercriminals take advantage of vulnerabilities of devices and networks to gain access to sensitive information. It is therefore important for users to only use apps that are credible, reliable, and have strong security measures in place to prevent criminals from hacking the system.
On the other hand, phishing scams, derived from the word fishing, are designed to ‘bait’ victims so they will be tricked into giving sensitive information. This becomes highly dependent on the users because fraudsters rely on them to unknowingly give the information needed to access their accounts through fake websites, fake sign-up forms, or fake portals.
As cybercriminals become more creative, some phishing attempts are now designed to appear as a hacking attack. Cybercriminals ‘phish’ information from thousands of users over a certain period, but don’t immediately use these data to steal funds. All this phished information is then used to steal funds at the same time. With the large number of victims noticing that their funds have been stolen simultaneously, it would look like a massive hacking attack, especially if the victims no longer recall sharing their personal information.
The good news is that phishing scams can be prevented if you know how to spot them. Here are safety practices you can observe to protect your e-wallet account from the phishing attacks:
1. Double up on security measures. Make use of additional safety measures found in your e-wallet app. Aside from requiring you to enter your MPIN, e-wallet apps also send the OTP as an additional security measure to verify your identity. GCash also has a DoubleSafe Face ID, which prompts users for a selfie scan every time they login using a new device, to make sure that it is the Verified Account Owner who has access to the account.
2. Think and rethink before you act. Review the sender and the content of a suspicious message even before responding or clicking on the link. If you are being offered rewards or prizes, backtrack if you have indeed joined a program or raffle and verify with the company through another channel.
Remember that GCash will never send links via SMS, email and messaging apps and all legitimate rewards and promos will only be communicated through the official GCash app, so never click on links claiming to be from GCash.
3. Double-check the message that comes with the OTP. Legitimate e-wallet transactions may ask you to enter your OTP as an added security feature. If you receive an OTP through text message, make it a habit to read the entire message and make sure that it matches the request you made. If you did not make the request or if it is different from what you want to do, do not enter your OTP on any site or send it to anyone, to make sure you are not unknowingly linking your account to another device.
4. Be wary of limited time offers and urgent requests. Advisories or offers that instill a sense of urgency is almost always a sign of phishing scams. Legitimate companies will give you enough time to make a decision and will not ask you to provide your MPIN or OTP to resolve a concern, verify your identity or claim a reward.
If you are being told that your GCash account is on hold, confirm this through the official GCash app. GCash will never ask you to verify your account through a phone call or through messaging applications.
5. Never share your OTP and MPIN. Never provide your personal information if you did not initiate a request. As a rule, don’t provide sensitive information, such as your OTP and MPIN, even to your family, friends and other people claiming to be representatives of banks, companies, service providers and government agencies. Remember that GCash will never ask these details from you.
If you encounter phishing scams and fraudulent activities targeting your GCash account, you may report by visiting the official GCash Help Center at help.gcash.com/hc/en-us or messaging Gigi on the website and typing, “I want to report a scam.”