Tag Archives: GCash rewards scam

Weebly site phishes FB accounts for mobile load

It’s now easy to create a website thanks to services offered by Weebly and the likes. Just a few clicks here and there with a little bit of creativity, you’ll get yourself your own space in the internet in no time. You don’t even have to pay anything yet unless you want to buy your own domain.

However, some are using these easy-to-set-up website services to host their malicious pages luring innocent people to their strategy.

A Weebly-built website called LiveLoadPH is currently up and actively being shared online by some people who’s Facebook accounts could have been compromised.

How does it work?

If you came across a friend’s post saying you’ll get a free Php 100 load by just going to https://liveloadph[.]weebly[.]com, you might get curious and check what’s it all about.

The website’s main banner welcomes users with a statement to “Stay connected to your friends and family.” as if to touch their innocent visitor’s emotions in relation to the COVID-19 community quarantine.

Scrolling down shows a screenshot of a Php 100 load perhaps to entice people that they are really giving away that much. It further warns that visitors should only fill out their registration form once to avoid spamming their database with multiple requests.

Down at the bottom is a public service advisory reminding people that their operational hours is limited due to the COVID-19 situation. Just beside it is the registration form.

The registration form contains multiple fields including phone number, FB email, password, network and load denomination. If you are in your right mind, you would stop at the second field which asks for your FB email. Why would they get it? And, then your password?

But, just in case you’ve already made up your mind and is going after that Php 100 load because you badly need it, submitting the form would eventually redirect you to a GCash referral page.

Yes, a GCash referral page. A page where someone would earn Php 50 worth of GCash freebies if you decided to sign up. And, that someone is most likely the person behind this scheme. Not only that he got your Facebook account credentials already, he’s also trying to earn GCash rewards from his victims. That’s pure selfishness right there.

Obviously, this website is just phishing for Facebook account credentials to be used for whatever agenda the culprit had in mind. Victims won’t get anything in return even that promised Php 100 load.

If you have already signed up, make sure to update your Facebook password immediately. If you’re using the same password on your email and other online accounts, update them all asap!

We have already submitted the URL to known security vendors for blocking. We will contact Weebly to take down this LiveLoadPH website, and report the GCash referral code to GCash for possible suspension.

Related Posts:

Wix phishing site targets GCash users

A fake GCash website has been put up to lure users in availing a P750 reward. Using Wix, a free, cloud-based web development platform that allows anyone to create their own website, the fake GCash website is being sent to various Globe users to entice them to claim their rewards.

Bogus GCash SMS alert

Janet Sentorias, a GCash user, shared the screenshot of a text message she received from an unknown Globe prepaid number. It contains the link to the GCash phishing site built via Wix. The link was too obvious for anyone not to notice but for someone not familiar with Wix, they might get tempted to enter the site.

The GCash phishing site asks for an email address and a GCash mobile number. According to the instruction, users need to ensure that they are verified GCash subscribers to be entitled to the bogus reward.

Some red flags on this site, for those not familiar how phishing works, are:

  • Inconsistent domain. The site used a Wixsite.com domain instead of the GCash’s official domain GCash.com or its mother company Globe.com.ph
  • Unofficial SMS sender. The message was sent from a Globe prepaid number. GCash or any other legitimate companies usually use a 4-digit number to broadcast their advisories.
  • Grammar. Official advisories or statements from companies are being reviewed thoroughly. Both the SMS alert and the phishing site contain too many mistakes.
  • Sense of Urgency. One of the reasons why phishing campaigns are successful is its ability to trick humans. As cliche as it is, we are the weakness in the system. This phishing site, for instance, is urging recipients to claim their rewards until the end of the month.

Should you receive similar attacks, report it immediately to GCash and Globe so they could take appropriate actions against the cybercriminal.

Sentorias and some other GCash users tried to trace the identity of the culprit behind the mobile number used in this scheme. They were able to do so by sending a GCash amount to the number. For fairness, we reserved the right not to publish the identified person until an official investigation commence.

We have requested to have the site blocked in some known security vendors. We will also have this reported to GCash and their data protection officer as a heads up.


Wix Support Thread
  • February 1, 2019 – We reported this incident to GCash’s DPO and got a confirmation that they are already working on it.
  • February 2, 2019 – Wix contacted us to formally file a request to take down the link. We did so.
  • February 3, 2019 – Wix took down the GCash phishing link. GCash also confirmed that they already disabled the account of the scammer and that they will also send an advisory for security awareness.

Related Posts: