How to protect my GCash Account? – GCash Help Center

To keep your account safe, be aware of the common forms of scams such as:

Phishing - When personal information or data is stolen
Swindling - When money is stolen from another person

Learn more about these scams and how to keep your account safe from scammers:

Swindling

Swindling happens when a scammer tricks you into making a GCash transaction but will not fulfill the expected service, delivery, or purpose of the transaction. A swindler can be a buyer or a seller with an intention to steal money from another person.

Commons forms of swindling are:

Fake Online sellers
Hacked accounts
Fake donations

Fake Online sellers

Fake sellers create social media pages and websites using stolen logos and images.

Here are some tips on how to spot fake sellers:

Fake online sellers have little to no account history because they create new accounts to continue their scamming activity even if they have been reported and blocked in the past.
TIP: When buying through a Facebook page, check the page transparency to see when the page was created.

STEP 1: Go to the Facebook Page of the Online Seller you wish to buy from

STEP 2: Tap See All under Page Transparency

STEP 3: Check Page History

Fake sellers sell their products at very low prices VS the average market price. When in doubt, check the price with at least two more sellers selling the same product, and buy within the average market price.
Fake sellers insist on immediate full payment. Check the payment terms of the seller, and when possible, transact with those that give you the option to pay after the product or service is rendered.

How to prevent being a victim of fake sellers before making a transaction

Prevention is always the best way to protect yourself. Here are some tips on how to avoid being a victim of fake sellers before making a transaction:

Read seller reviews and check the following:
- Dates on when the reviews were posted. If the reviews were created over a short period of time, these are fake reviews to immediately increase the seller’s rating
- Contains gibberish words or special characters. When this happens, this is a sign that the reviews were created by a bot
- Profile of the users commenting. When there are generic names such as Juan Dela Cruz, John Doe, and Jane Smith or just contain numbers and letters, this means that these are fake accounts making fake reviews
If you are transacting with the seller on Facebook, search about the seller. Victims of fake sellers usually post about their experiences to warn potential victims.

STEP 1: Type the name of the seller or Facebook page on the search bar

STEP 2: Tap Posts

STEP 3: Check if there are posts by previous victims

How_to_check_if_the_seller_has_previous_posts_of_victims_on_Facebook.jpg

Know the payment terms. Transact with sellers that allow post-delivery payment.
Never share your MPIN or OTP. A seller asking you to provide these details is a sign that the transaction is a scam

How to prevent being a victim of fake sellers after making a transaction

After making a transaction, to be sure you are protected here are the important steps to take

Always take a screenshot of the payment transaction as proof of your payment
Prior to the delivery:
- Ask the seller to provide a picture of the item in real-time
- Ask the seller for a picture of the item before it’s given to the courier
- Ask the seller for courier details as well as the tracking number
- Ask the seller for their contact details
Ask for an official or acknowledgment receipt when possible

Hacked accounts

Some swindlers hack accounts of people and tap into their contacts to try to ask for money while disguising themselves as the account owner.

Here are some tips on how to spot if your friends and family members accounts have been hacked:

They are asking for money
They are talking to you in a different tone. Check your past conversations if this is really how they talk to you
They are talking to you on a social media channel that you don’t usually use

When in doubt, DON’T SEND MONEY RIGHT AWAY. Check to validate if you are talking to your friend or family:

Contact the person by calling or through a different channel. Ask your friend or relative directly if they messaged you asking for help.
Check where they are asking you to send the money to. Hackers will ask you to send money to an account different from your friend or family member’s account.

How to avoid being a victim of hacked accounts

Don't be a victim of hacking! Here are some tips to avoid having your social media account from being hacked:

Don’t click on links unless you are sure it is safe. Hackers may send links to you to get your personal information. Verify a website’s security by doing the following:
- Check if the site uses https://, this means that the website employs a form of encryption to transfer data
Check if there is a padlock icon beside the website’s browser address
- Double-check if the URL is spelled correctly. Hackers may use URL’s such as yah00.com instead of yahoo.com to trick you into giving them your information
Use a website security checker such as Google Safe Browsing to verify a site’s legitimacy and reputation.
Do a security checkup of your accounts
Update your password regularly.
Log in to your social media accounts only on the devices that you own
- Always log out of your accounts after using
- Enable Two Factor Authentication. Two Factor Authentication is an extra layer of protection of accounts on top of your username and password because you need to provide another piece of information such as a code, or your biometrics before being able to login. Go to the Help Center of your accounts to check how to enable this.
Never share your personal information such as your address, phone number, and email address. Use the inbox of the social media accounts to communicate with other users.

Never share your sensitive personal information such as your race, religion, or political views. Doing this will make it easier for scammers to steal your identity.

Fake donations

Swindling can also happen through fake calls for donations. Scammers will send generic messages asking for money and ask you to send the donation to an unknown account.

How to avoid donating to fake organizations

Here are some tips to avoid donating to fake organizations:

Donate only through official payment channels such as GCash. Avoid sending donations to personal accounts
Transact with trusted organizations only. GCash has a list of trusted partner beneficiaries where you can donate to charity or organizations of your choice. This list includes partner organizations of GCash that have been active in donation drives.
Login to the GCash app, select Pay Bills, and click Others > #GCashGivesBack to see the partner beneficiaries of GCash

How do I report swindling?

Follow these steps if you think you’ve been a victim of swindling:

STEP 1: File a ticket on the GCash Help Center. A GCash representative will contact you within the next 24 hours.

STEP 2: Enter your email address, GCash-registered Full Name, and GCash-registered Mobile Number

STEP 3: Select My GCash Account as the Concern Category

After selecting My GCash Account, select I was scammed

STEP 4: In the Explain your concern field, indicate the following details:

Date and time of the transaction
GCash Reference Number if GCash was used for payment

STEP 5: Enter the Alleged Fraudster’s GCash Number in the Alleged Fraudster’s Number field. If possible, indicate the Alleged Fraudster’s Full Name

STEP 6: Choose the Type of Scam related to the swindling case. Go to How do I Keep My Account Safe to know about the different types of swindling scams

STEP 7: In the Attachments field, attach the following:

Screenshot/s of your conversation with the alleged fraudster
Link and screenshot of the product advertisement
Transaction receipts with the alleged fraudster

STEP 8: Submit the ticket and check your email for the ticket number that you may use to follow up on your concern through the GCash Help Center.

STEP 9: Secure a police report indicating the GCash wallet and name from your nearest police station. You will receive instructions on how to submit the police report to GCash after submitting the ticket

NOTE: GCash will temporarily disable the disputed user’s account for 72 hours 
after receipt of the ticket. GCash will permanently disable the account after
receiving the police report.

Phishing

Phishing happens when someone pretends to be another person/company to collect your personal information such as your birthday, address, mobile number, username, or password.

Once they get this information, they access your account to steal money or make transactions without you knowing.

Common forms of phishing are:

Fake GCash representatives
Phishing links, emails, or SMS/smishing
Fake verifiers

Fake GCash representatives

Scammers create fake GCash profiles on different social media platforms and engage with you by:

Pretending to assist you with your concern
Creating a fake GCash promo
Pretending to assist you in verifying your account

How to spot and avoid fake GCash representatives

Follow these tips to spot and avoid a fake GCash representative:

Do not respond to any GCash support messaging you via private message. GCash does not entertain questions via private message.

- If there are promos that are being mentioned, check the Official Promos Page to know about our ongoing promos.
- If you have a concern, file a ticket on the GCash Help Center. GCash does not entertain questions via private message.

Never post your concerns on social media.
- If you have a concern, file a ticket on the GCash Help Center.

Always check the username and profile of the sender before responding. Look for the checkmark to find the real GCash account.

- The only official channels of GCash are:
  - Official GCash Facebook Page
- - Official GCash Instagram account
- - Official GCash Twitter account
- - Official GCash website

Phishing links, emails, or SMS/smishing

Fake GCash emails or messages are created by fraudsters to trick you into clicking on a phishing link or website and get information such as your GCash number, OTPs, MPINs, or birthday.

How to spot and avoid phishing links, websites, emails, or SMS

Follow these tips to spot and avoid getting phished from phishing links, websites, emails, or SMS:

Check the sender before clicking on links sent to you.

Never give your personal information, such as your birthday, address, mobile number, username, or password.
- GCash will never ask for your personal information unless you request for help through the GCash Center.

Ensure that the sender’s name and details come from the official accounts of GCash.

Never share your MPIN or OTP.
- GCash will only ask for your MPIN and OTP when logging in the official GCash App.

Fake verifiers

Fake verifiers are people who claim that they can verify your GCash account for a certain fee.

They claim that they can verify your account because they want to:

Steal your personal information, such as your birthday, address, mobile number, username or password
Phish your security information, such as your OTP and MPIN, and take over your account

How to spot and avoid phishing by fake verifiers

Here are some tips on how to spot and avoid someone who is selling a verified account to you:

You are being asked to verify outside the GCash App. GCash does not verify accounts via social media channels or email and only verifies accounts through the GCash App.

- To avoid this, do the following:
  - Verify your own GCash account on the GCash App. Visit How do I get Fully Verified? to learn how to get verified.
  - Don’t buy or sell fully verified GCash accounts. Verify your own account because you may face legal charges and end up in jail if your personal information was used for illegal transactions.
You are being asked to do an urgent action. Fake verifiers rush you in giving your information, not allowing you time to think carefully about your decisions.

How do I report phishing?

Follow these steps if you think you’ve been a victim of phishing:

STEP 1: File a ticket on the GCash Help Center. A GCash representative will get back to your report within 24 hours.

STEP 2: Enter your email address and GCash-registered Full Name

STEP 3: In the GCash-registered Mobile Number field, enter the GCash number you are trying to report.

STEP 4: Select My GCash Account as the Concern Category

After selecting My GCash Account, select I want to report an account involved with fraudulent activity

STEP 5: In the Explain your concern field, indicate the following details:

The email address, phone number and/or profile of the sender
The link sent to you where your GCash details are being requested

STEP 6: In the Attachments field, attach the following:

Screenshots of the email/message sent to you
The URL link that was sent to you

STEP 7: Submit the ticket and check your email within the next 24 hours for updates from our live agent. You will receive a ticket number that you may use to follow up on your concern through the GCash Help Center

Note: View this article to know more about the GCash Customer Protect Program.

Account Takeover (ATO)

Account Takeover (ATO) is a result of phishing when another person uses your account and makes transactions without your knowledge or permission. This may also include access to your linked debit or credit card(s).

Here are some signs that you have been a victim of Account Takeover:

Your MPIN no longer works
Unauthorized transactions are present in your GCash Transaction History
Linked accounts, such as your bank account or cards, have been used without your permission

How to avoid account takeover

To further secure your account and to avoid unauthorized control of your account:

Enable the Biometrics feature so that you can use your fingerprint or face ID to log in. Using your human features will avoid potential hackers from using your account. Visit How can I enable my Biometrics Login? to enable your biometrics feature.
Reset your MPIN once every three months. Visit Tips to Make a Strong Password to learn how to make a strong password.
Always check your GCash Transaction History. Use GCash Transaction History for a more secure way to verify your transactions. Visit Where Can I Find My GCash Transaction History to learn how to check your GCash Transaction History.

What should I do if someone made unauthorized transactions using my account?

Check what applies to you if you think your account has been hacked or compromised:

You are aware of your hacker’s information (name and contact number)
You are not aware of your hacker’s information

If you are aware of your hacker’s information (name and contact number), follow these steps to properly file a ticket:

STEP 1: Reset your MPIN if you can still access your account. Learn how to reset your MPIN through How can I change my MPIN?

STEP 2: Submit a ticket within fifteen (15) days if there was an unauthorized transaction on the app and 24 hours if your card(s) were included.

STEP 1: Submit a ticket to the Help Center. A GCash representative will get back to you within 24 hours to help you log in to your account.

STEP 2: Enter your email address and GCash-registered Full Name

STEP 3: In the GCash-registered Mobile Number field, enter the number that has been taken over

STEP 4: Select My GCash Account as the Concern Category
- After selecting My GCash Account, select My account was hacked

STEP 5: In the Explain your concern field, include why you think your account has been compromised

Common signs that your account has been compromised are:
- Your MPIN no longer works
- Unauthorized transactions are present in your GCash Transaction History
- There are transactions in your linked accounts that you don’t know about

STEP 6: Enter the Alleged Fraudster’s GCash Number in the Alleged Fraudster’s Number field, and if possible, indicate the Alleged Fraudster’s Full Name

STEP 7: Enter the GCash Reference No. of the unauthorized transaction. If you have lost access to your account, the reference number can be retrieved via SMS.

STEP 8: If there are any other transaction/s that occurred, indicate the transaction number/s in the Other Transaction Number field

STEP 9: Select the kind of modus that happened in the unauthorized transaction

STEP 10: Indicate if you have shared your OTP, MPIN, and your personal/account information with anyone, and if your MPIN has been reset without your knowledge

STEP 11: Specify the unauthorized transaction made on your account and the total amount being disputed

STEP 12: Indicate if you shared your OTPs from your linked bank account in GCash and if your account was linked to other online applications like Lazada, Shopee, FoodPanda, etc without your consent

STEP 13: In the Attachments field, attach screenshots of the unauthorized transactions

STEP 14: Tap Submit

If you are not aware of your hacker’s information, follow these steps to properly file a ticket:

STEP 1: Reset your MPIN if you can still access your account. Learn how to reset your MPIN through this How can I change my MPIN?