Tag Archives: GCash scammer

Weebly site phishes FB accounts for mobile load

It’s now easy to create a website thanks to services offered by Weebly and the likes. Just a few clicks here and there with a little bit of creativity, you’ll get yourself your own space in the internet in no time. You don’t even have to pay anything yet unless you want to buy your own domain.

However, some are using these easy-to-set-up website services to host their malicious pages luring innocent people to their strategy.

A Weebly-built website called LiveLoadPH is currently up and actively being shared online by some people who’s Facebook accounts could have been compromised.

How does it work?

If you came across a friend’s post saying you’ll get a free Php 100 load by just going to https://liveloadph[.]weebly[.]com, you might get curious and check what’s it all about.

The website’s main banner welcomes users with a statement to “Stay connected to your friends and family.” as if to touch their innocent visitor’s emotions in relation to the COVID-19 community quarantine.

Scrolling down shows a screenshot of a Php 100 load perhaps to entice people that they are really giving away that much. It further warns that visitors should only fill out their registration form once to avoid spamming their database with multiple requests.

Down at the bottom is a public service advisory reminding people that their operational hours is limited due to the COVID-19 situation. Just beside it is the registration form.

The registration form contains multiple fields including phone number, FB email, password, network and load denomination. If you are in your right mind, you would stop at the second field which asks for your FB email. Why would they get it? And, then your password?

But, just in case you’ve already made up your mind and is going after that Php 100 load because you badly need it, submitting the form would eventually redirect you to a GCash referral page.

Yes, a GCash referral page. A page where someone would earn Php 50 worth of GCash freebies if you decided to sign up. And, that someone is most likely the person behind this scheme. Not only that he got your Facebook account credentials already, he’s also trying to earn GCash rewards from his victims. That’s pure selfishness right there.

Obviously, this website is just phishing for Facebook account credentials to be used for whatever agenda the culprit had in mind. Victims won’t get anything in return even that promised Php 100 load.

If you have already signed up, make sure to update your Facebook password immediately. If you’re using the same password on your email and other online accounts, update them all asap!

We have already submitted the URL to known security vendors for blocking. We will contact Weebly to take down this LiveLoadPH website, and report the GCash referral code to GCash for possible suspension.

Related Posts:

Another GCash smishing entices recipients with Mystery Ang Pao

Remember when GCash released a promo regarding Mystery Ang Pao about a month ago in line with their Chinese New Year campaign? Apparently, this has been used in the recent smishing incident targeting GCash users who are still waiting for the reward to be credited on their accounts.

One user reported a GCash Advisory SMS that he received saying that he can now claim his P1,850 rewards from the Mystery Ang Pao promo. Similar to our previously featured GCash smishing cases, the message was sent by an unknown Globe prepaid number containing a link to where recipients can log in with their GCash accounts. With this new smishing variant, the cybercriminals have masked the link with bit.ly, a URL shortener.

The suspicious bit.ly URL redirects to a newly created Wix website. As we all know, this platform is a free-to-use web development tool that can help you build your own site as easy as 1-2-3.

The phishing site is still up as of this writing. We will have this coordinated both with Wix (to take down the phishing site) and GCash (to deactivate the associate Globe prepaid number.


March 3, 2019: Wix confirmed that they have disabled the website.

Related Posts:

Fake GCash Care in FB gets owned

The official GCash Care account in Facebook

A scammer can also get scammed and owned by the people they intend to victimize. That’s what happened to the person behind a fake GCash Care Facebook account that presents itself as the official customer support of the mobile app.

Similar to other local tech-enabled companies, GCash has opted to open a customer care channel through the social media giant Facebook. While it does help in reaching out to their growing subscribers, it also opened a whole new door for scammers. Now, all they need to do is create a Facebook Page that looks exactly like GCash Care, the company’s official customer service account in FB.

FB search result for GCash Care.

Searching for GCash Care in FB could give you multiple results. One could argue that it’s easy to recognize the official ones because they have ‘Verified Page’ icons (blue check marks) right next to their names. But, a lot of people could still be victimized by these small-time scammers.

LJ Alfega, one of the users of the app, decided to play with the scammer behind one of the fake GCash Care accounts in FB. After noticing multiple people posting their conversations with the bogus account, she went in and did the same. To her surprise, her experience would be the best among all those who messaged the scammer. Take a look at the screenshots below:

Alfega first asked about GCash’s support hours and followed it up with her main concern – the cashback for paying bills. Instead of answering her queries, the bogus account immediately asked her to verify some personal account information. And when she did, he asked for an authentication code.

Alfega’s conversation with the fake GCash Care FB account Part 1

The scammer is very insistent in getting the correct authentication code even after multiple failed attempts. Obviously, Alfega is just trying to test the scammer’s patience but he just seemed to be so persistent until…

Alfega’s conversation with the fake GCash Care FB account Part 2

Alfega’s conversation with the fake GCash Care FB account Part 3

The scammer realized that he just got owned by Alfega after sharing his selfie to her. When Alfega tried to press him for further verification, she got blocked.

This is just one of the many funny stories shared by other GCash users who started poking fun in the fake accounts. However, this should not just be treated lightly as people could lose a serious amount of money. GCash already released an advisory last February 1 to ensure that their customers are only dealing with their official channels. The company also added that they “will not be liable for any consequences that may result from dealing outside of their official channels.”

GCash Advisory

Related Posts:

Wix phishing site targets GCash users

A fake GCash website has been put up to lure users in availing a P750 reward. Using Wix, a free, cloud-based web development platform that allows anyone to create their own website, the fake GCash website is being sent to various Globe users to entice them to claim their rewards.

Bogus GCash SMS alert

Janet Sentorias, a GCash user, shared the screenshot of a text message she received from an unknown Globe prepaid number. It contains the link to the GCash phishing site built via Wix. The link was too obvious for anyone not to notice but for someone not familiar with Wix, they might get tempted to enter the site.

The GCash phishing site asks for an email address and a GCash mobile number. According to the instruction, users need to ensure that they are verified GCash subscribers to be entitled to the bogus reward.

Some red flags on this site, for those not familiar how phishing works, are:

  • Inconsistent domain. The site used a Wixsite.com domain instead of the GCash’s official domain GCash.com or its mother company Globe.com.ph
  • Unofficial SMS sender. The message was sent from a Globe prepaid number. GCash or any other legitimate companies usually use a 4-digit number to broadcast their advisories.
  • Grammar. Official advisories or statements from companies are being reviewed thoroughly. Both the SMS alert and the phishing site contain too many mistakes.
  • Sense of Urgency. One of the reasons why phishing campaigns are successful is its ability to trick humans. As cliche as it is, we are the weakness in the system. This phishing site, for instance, is urging recipients to claim their rewards until the end of the month.

Should you receive similar attacks, report it immediately to GCash and Globe so they could take appropriate actions against the cybercriminal.

Sentorias and some other GCash users tried to trace the identity of the culprit behind the mobile number used in this scheme. They were able to do so by sending a GCash amount to the number. For fairness, we reserved the right not to publish the identified person until an official investigation commence.

We have requested to have the site blocked in some known security vendors. We will also have this reported to GCash and their data protection officer as a heads up.


Wix Support Thread
  • February 1, 2019 – We reported this incident to GCash’s DPO and got a confirmation that they are already working on it.
  • February 2, 2019 – Wix contacted us to formally file a request to take down the link. We did so.
  • February 3, 2019 – Wix took down the GCash phishing link. GCash also confirmed that they already disabled the account of the scammer and that they will also send an advisory for security awareness.

Related Posts: