A suspected text spoofing involving an e-wallet service was uploaded on an online forum for topics about the Philippines.
One Redditor posted on the subreddit r/Philippines a screenshot of a suspicious text message that was supposedly sent by GCash, an e-wallet service in the Philippines.
“PSA: GCash SMS has been compromised. Don’t click on the link,” the user claimed.
GCash sends text messages to confirm transactions, give authentication codes, share promos, and release advisories on maintenance and text scams.
The image showed these types of text messages from the sender “GCash.”
The last message, however, told the user to click a dubious link for a supposed account update.
“Suspicious activity happened to your GCash account,” part of it reads.
In the discussion section, one Redditor said that the concern of the original uploader might be a case of text spoofing.
“Madali lang po ung SMS spoofing. Dameng free sites na ganun,” the Reddit user said.
Another Redditor supposed that it might have been an inside job.
“May human intervention behind it, may employee na hindi masarap ang ulam. You can still click the link, walang mangyayari diyan. ‘Binenta’ na details mo (o natin) around the web. Keep looking on your inbox, makakatanggap ka ng nonstop spam texts from unknown numbers. Napaka-useless ng R.A. 10173 natin,” the online user wrote.
The Redditor was referring to the Data Privacy Act of 2012, the law that also created the National Privacy Commission.
The privacy act seeks to protect the privacy information of all individuals in the Philippines.
This includes “private, personal, or sensitive. It is meant to cover both natural and juridical persons involved in the processing of personal information.”
Spoofing, meanwhile, is defined as a type of scam where the perpetrator disguises as an official or authentic business entity to attract potential victims, according to Investopedia, an online investment dictionary.
“Spoofing is a type of scam in which a criminal disguises an email address, display name, phone number, text message, or website URL to convince a target that they are interacting with a known, trusted source,” its definition reads.
GCash does not have a specific advisory against text spoofing yet.
The mobile wallet, however, issued a warning against fake account updates on Wednesday, July 20.
In a social media post, GCash advised users against sharing their personal or account details via text messaging or email.
“Protect your account from being hacked! Huwag mag-share ng personal and account details especially your MPIN or OTP via email or SMS. Panatilihing safe ang funds mo by protecting your account!” it said.
GCash also attached a graphic that reads: “Mag-ingat sa fake account update! Protect your account, and we’ll protect your funds!”
Should users spot a suspected scammer, they are advised to report them to the GCash Help Center via this link: GCash Help Center.
There have been reports about fake verification emails and texts using the e-wallet’s name since last year amid the rise of mobile wallet users in the Philippines.
GCash has a resource hub via its Help Center that informs its more than 48 million users about account protection.