WARNING: GCash Phishing Leveraging the SIM Registration Act

A lot has happened since the Philippine SIM Registration Act was implemented.  There are people who are for and against its implementation.  That is an issue that can only be resolved in time.  However, a bigger issue has stemmed from it.  The law is now being leveraged by threat actors who seek to gather personal information from their potential victims.

While reviewing my SPAM folder for legitimate messages that have slipped through the cracks, I noticed this interesting sender.


A casual look makes it appear as if it came from GCash, a service I use for my digital wallet needs.  Although the display name says "admin@gcashmobile.com", it was sent "via sendgrid".  Just to let you know, legitimate emails from GCash come from the "@gcash.com" email domain, so this is already a big red flag.

Here is the body of the message:


Looks convincing, right?  However, one thing that everyone should be aware of is this: companies will always refer to you by name when sending important messages such as this.  This is not always a reliable check, though: because of recent incidents, the latest leaks of email addresses include the real names of victims, but that is a subject for a separate post.

Hovering over the "Verify Account" button reveals that it leads to a site that is obviously not from GCash:


Less informed people who receive this message may click the link, which sends them to a fake GCash website that asks for personal information and even for scanned copies or pictures of valid identification papers.  Once people have "complied" with this request, that is where the fun begins for those malicious parties.  Upon submission of the requested information, they can leverage it to perform various acts that can and will affect the victim: they can change the victim's password and make unauthorized transactions, and they can even use this information to scam the victim's contacts.

So in case you receive a message similar to the one posted here, simply ignore it and tag it as SPAM.  If you are inclined to do so, report it to GCash so that they can notify legitimate users to watch out for similar messages.
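The two checks described above, the real sender domain and the real link target, can also be automated. The following is an added example, not part of the original post and not GCash's own tooling; the sample message is constructed, and `example.net` and `example.org` are placeholder hosts.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGIT_DOMAIN = "gcash.com"  # legitimate sender domain, as stated in the post

# Constructed sample, not the real phishing email; example.net/example.org
# are placeholder hosts.
SAMPLE = """\
From: "admin@gcashmobile.com" <noreply@mailer.example.net>
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<a href="https://verify.example.org/login">Verify Account</a>
<a href="https://www.gcash.com/help">Help</a></body></html>
"""

def in_domain(host, domain=LEGIT_DOMAIN):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkHosts(HTMLParser):
    """Collects the host of every http(s) link, i.e. what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        url = urlsplit(dict(attrs).get("href") or "")
        if tag == "a" and url.scheme in ("http", "https"):
            self.hosts.append(url.hostname or "")

def check_message(raw):
    """Return a list of red flags found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    flags = []
    if not in_domain(addr.rpartition("@")[2]):
        flags.append(f"sender address {addr} is not @{LEGIT_DOMAIN}")
    if "@" in display and display.lower() != addr.lower():
        flags.append(f"display name {display} differs from real sender {addr}")
    links = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            links.feed(body.decode("utf-8", "replace"))
    flags += [f"link goes to {h}" for h in links.hosts if not in_domain(h)]
    return flags

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

Note that `in_domain` matches on a dot boundary, so lookalikes such as "gcashmobile.com" or "gcash.com.example.org" are rejected even though they contain the string "gcash.com" or start with "gcash".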

You're welcome!

