The Philippines’ National Privacy Commission (NPC) concluded that the recent unauthorised deductions from multiple accounts from mobile wallet GCash amounting to PHP 37 million (approximately US$660,000) was the result of a phishing incident.
This echoes what the Bangko Sentral ng Pilipinas’ (BSP) Governor Felipe Medalla shared with reporters on the sidelines of the 23rd Financial Stability Board-Regional Consultative Group in Asia Meeting in Cebu.
On 9 May 2023, the NPC had conducted an independent investigation to ascertain the extent of the alleged unauthorised transactions and determine if there is a possible compromise of personal data and other potential violations of the Data Privacy Act of 2012.
“Upon our thorough investigation, we have determined that the unauthorised transactions in GCash accounts were a result of a meticulous phishing scheme.
Unknown threat actors took advantage of vulnerable GCash users, triggering the phishing scheme through online gambling websites such as ‘Philwin’ and ‘tapwin1.com’. We have ordered GXI to intensify its education and awareness campaign to its clients to prevent similar incidents in the future.”
said Privacy Commissioner John Henry D. Naga.
The NPC is urging the public to remain vigilant against phishing attacks that would compromise their personal information.
