MANILA, Philippines—Nowadays, with the complete shift to everything digital, the convenience of being able to buy anything with just a tap of our fingers be it from a live selling session or a flash sale item from an e-commerce platform, comes with new levels of scam tactics.

The rise of phishing, where scammers send fake SMS, Emails, or links designed to trick people into giving away sensitive information such as personal information, banking details, and passwords, has become alarmingly commonplace in a time when transactions have moved exponentially on a digital sphere.

As is expected, scammers are getting more and more creative to see old nefarious ways take to newer form. Knowing the different ways they work is the first step in protecting ourselves. And even as we willingly fall for irresistible discounts or all-in-one bundles, or when you know you don’t need a new phone case but you purchase it anyway because it’s cute. What is not okay is when you get yourself into types of budol that actually robs you of all your hard-earned money.

Key visuals courtesy of GCash

Here are some common phishing scams and ways to protect yourself especially as we enter the merriest season of the year:

A popular method for scammers is to pretend to be an authorized customer representative on different platforms by appropriating company logos and a person’s profile picture.

In social media, this can happen if you post your complaints publicly. They send a direct message and pretend to offer help with your concern. In emails, they use what seem to look like official addresses and feign a sense of urgency to dupe users into following the steps they have outlined, otherwise, you will lose access to your account or incur possible charges.

In SMS, they send suspicious messages and links that will prompt you to install an app or require you to input your MPIN or OTP for many reasons: you’ve won a contest, have expiring rewards to claim, or that you need to update your contact information. Sometimes they’ll even call you.

How do you spot scammers? Start by checking the sender. Is the text or call from a random phone number? Does the email look credible or does it look like it came from a sketchy free platform? Always check the source. Second, did they send you a link?

GCash, for example, will NEVER send you an email asking to click a link. Scammers have become clever to make sure they no longer have typos on their message alerts. They used to misspell words like GAcsh or replace letters with numbers like GC4sh, but they’ve leveled-up to replicating official web pages by using the same visuals or actual promos to phish details from users.

The goal is to get a One Time PIN (OTP) to link their device to your account, and your MPIN so they can login. If they can’t get your MPIN, they will try to ask for more OTPs in order to reset your MPIN. If you’ve been saving money for your pending bills, never give out your MPIN and the OTPs that you receive on your phones.

However, scammers have found creative ways to sneakily get these info so it’s important to expose them and  get to know their methods. Here are some examples:

  • Hiram mobile phone – they borrow your phone for a variety of excuses but their real intent is to request OTPs to be sent to your phone so they can reset the MPINs themselves without you knowing.
  • Shoulder surfing – from the name itself, they spy over your shoulder to steal personal information that might help them in hacking your account.
  • Live selling sessions – this usually happens to online sellers when they broadcast what’s on their phones. Scammers just need good timing to initiate the OTP, display it on your screen for all to see, and therefore compromise your account.

If you find yourself on the receiving end of any of these suspicious instances or if you have concerns with any of the GCash services, the best way to address them is through the Help Center accessible within the app only.

Key visuals courtesy of GCash

The Christmas season and mega-sales online are happening soon so it’s important to remember this GChecklist: 

  • Check the sender or credibility of any website where you are being redirected 
  • Never share your MPIN or OTP
  • Only do actions within the GCash app

Once you tick off everything on this list, make sure you’re G to share this so your friends and family can protect themselves, too. For your holiday hauls, don’t forget: magpa-budol wisely!

For more information, visit gcash.com.