Phishing Scams Targeting GCash, Maya, and Bank Users in the Philippines
Philippine mobile users face high-volume phishing targeting GCash, Maya (PayMaya), BDO, BPI, and Metrobank, using SMS spoofing, Facebook Messenger links, and cloned e-wallet portals to harvest account credentials and OTPs.
Part of: Phishing
Last reviewed: 1 June 2026
The Philippines' rapid adoption of mobile wallets — led by GCash and Maya — has created a high-value target for phishing operations. Millions of Filipinos use these apps for daily transactions, remittances, and bill payments, making credential theft immediately lucrative for scammers.
The Bangko Sentral ng Pilipinas (BSP) and the Cybercrime Investigation and Coordinating Center (CICC) have jointly addressed the surge in e-wallet phishing, with GCash itself issuing repeated warnings that it never asks for PINs or MPINs through any channel.
How this scam works on Philippines
Victims receive SMS messages appearing to come from GCash or their bank warning of a suspicious transaction, account suspension, or an unclaimed fund. A link leads to a convincing clone of the GCash or Maya login page. Entering MPIN hands full wallet access to the scammer.
Facebook Messenger phishing is particularly prevalent: fake GCash or bank support pages send messages to users who posted complaints in public groups, offering to help resolve their issue through a private link. The link captures login credentials.
Some scams target OFW (Overseas Filipino Workers) remittance flows: fake GCash remittance portal links are shared in OFW Facebook groups, harvesting sender credentials and redirecting remittances to scammer-controlled accounts.
Common red flags
- SMS warning of a GCash or Maya account issue with a link to verify details
- Facebook message from a page claiming to be GCash or bank support asking you to click a link
- GCash or Maya login page reached via a link rather than the official app — check the URL carefully
- Any request for your MPIN, OTP, or password through a channel other than the official app
- OFW remittance portal link shared in a Facebook group rather than accessed through official apps
How to protect yourself
- Access GCash and Maya only through the official app — never via links in SMS or Facebook messages
- Never share your MPIN, OTP, or password with anyone, including people claiming to be customer support
- Enable biometric login and account activity notifications on all e-wallet apps
- Report suspicious GCash pages on Facebook to GCash's official Facebook page
- Contact GCash support at 2882 or Maya at 02-7795-7777 using numbers from the official app
How to report it
- Report to the CICC at cicc.gov.ph
- File a complaint with the BSP at bsp.gov.ph or call the BSP consumer assistance line
- Report to the NBI Cybercrime Division if significant funds were lost
Frequently asked questions
Does GCash ever contact users through SMS links to verify their account?
GCash does not send SMS links to login pages or request MPIN through SMS or social media messages. All legitimate account communications direct users to the official GCash app. Any SMS claiming to be from GCash with a link to verify your account is a phishing attempt.