MANILA, Philippines — The recent mess involving the unauthorized fund transfers that affected several GCash users was a phishing incident and not hacking, according to the Bangko Sentral ng Pilipinas.
BSP Governor Felipe Medalla told reporters on the sidelines of the 23rd Financial Stability Board – Regional Consultative Group in Asia Meeting in Mactan, Cebu that fraudsters were able to convince victims to reveal the one-time passwords (OTPs).
“Of course it is better if it did not happen at all. But our source of comfort is that it is not hacking. The scammers will use your own greed,” Medalla said.
Medalla said the incident involved the sharing of OTPs by the victims, which is repeatedly being discouraged by the BSP as well as banks.
“It turns out in this particular case, it is phishing. For some reason, they (scammers) were able to convince the victims to give their OTP despite all the warnings to never share the OTP,” Medalla said.
Medalla said that the last level of protection is the OTP.
“So, in other words, the only way that (access to one’s personal account) will happen if there’s somebody talking to you on the other side (for you to share your OTP) and that’s very convincing,” he said.
According to the BSP chief, the bulk of the stolen money was still lodged at the two bank accounts when the scammers were caught by GCash authorities.