Wix phishing site targets GCash users

A fake GCash website has been put up to lure users in availing a P750 reward. Using Wix, a free, cloud-based web development platform that allows anyone to create their own website, the fake GCash website is being sent to various Globe users to entice them to claim their rewards.

Bogus GCash SMS alert

Janet Sentorias, a GCash user, shared the screenshot of a text message she received from an unknown Globe prepaid number. It contains the link to the GCash phishing site built via Wix. The link was too obvious for anyone not to notice but for someone not familiar with Wix, they might get tempted to enter the site.

The GCash phishing site asks for an email address and a GCash mobile number. According to the instruction, users need to ensure that they are verified GCash subscribers to be entitled to the bogus reward.

Some red flags on this site, for those not familiar how phishing works, are:

  • Inconsistent domain. The site used a Wixsite.com domain instead of the GCash’s official domain GCash.com or its mother company Globe.com.ph
  • Unofficial SMS sender. The message was sent from a Globe prepaid number. GCash or any other legitimate companies usually use a 4-digit number to broadcast their advisories.
  • Grammar. Official advisories or statements from companies are being reviewed thoroughly. Both the SMS alert and the phishing site contain too many mistakes.
  • Sense of Urgency. One of the reasons why phishing campaigns are successful is its ability to trick humans. As cliche as it is, we are the weakness in the system. This phishing site, for instance, is urging recipients to claim their rewards until the end of the month.

Should you receive similar attacks, report it immediately to GCash and Globe so they could take appropriate actions against the cybercriminal.

Sentorias and some other GCash users tried to trace the identity of the culprit behind the mobile number used in this scheme. They were able to do so by sending a GCash amount to the number. For fairness, we reserved the right not to publish the identified person until an official investigation commence.

We have requested to have the site blocked in some known security vendors. We will also have this reported to GCash and their data protection officer as a heads up.

***Updates***

Wix Support Thread
  • February 1, 2019 – We reported this incident to GCash’s DPO and got a confirmation that they are already working on it.
  • February 2, 2019 – Wix contacted us to formally file a request to take down the link. We did so.
  • February 3, 2019 – Wix took down the GCash phishing link. GCash also confirmed that they already disabled the account of the scammer and that they will also send an advisory for security awareness.

Follow me

Fjordan Allego

Fjordan Allego aka Fjordz is an IT security practitioner in the Philippines. He maintains a couple of blogs where he shares his views on various topics that he finds interesting. A self-confessed introvert who's mostly active in social media, Fjordz also loves to travel and explore the wonders of the world.
Fjordan Allego
Follow me

Related Posts:

Trackbacks

  1. […] SMShing incident is similar to the previous GCash phishing report that was featured in this blog earlier this month. It used the free web development platform […]

Leave a Reply to New GCash phishing leverages on Chinese New Year Cancel reply

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.