GCash, the prominent financial technology platform in the Philippines, has blocked more than 4,900 fraudulent merchants involved in a specialized phishing scheme known as “quishing.”
The company announced the enforcement action as part of an intensified campaign against illegal actors who use fake QR codes and deceptive websites to steal user funds.
The scam, which has been flagged by the Bangko Sentral ng Pilipinas, involves the use of fraudulent Quick Response codes to redirect unsuspecting victims to malicious payment pages which often mimic the official GCash interface and the national QRPh standard to gain credibility.
Once a user scans the code—which can be found on physical posters, digital messages, or fake receipts—they are prompted to enter sensitive information or authorize payments to illegitimate accounts.
Company officials noted that the surge in these scams comes at a time when Filipino consumers are facing increased economic pressure from rising transportation and living costs.
GCash stated that its proactive measures are designed to safeguard users who have become more protective of their discretionary spending.
In addition to blocking thousands of merchant accounts, GCash reported that it has coordinated with the Cybercrime Investigation and Coordinating Center (CICC) to take down more than 3,200 entities linked to illicit activities throughout 2025. This collaboration is part of a broader “GSafe Tayo” initiative aimed at hardening the app’s defenses against evolving cyber threats.
Miguel Geronilla, the Chief Information Security Officer at GCash, said the company maintains a zero-tolerance policy for fraudulent actors and emphasized the platform is constantly updating its security protocols to counter scammers who adapt alongside the growth of digital payments.
Geronilla added that by reporting these actors to regulators and authorities, the company aims to maintain the integrity of the country’s digital financial ecosystem.
The company is advising users to carefully inspect website URLs before entering any information, noting that official payment domains will always use “payments.gcash.com” rather than misspelled variations.
Other warning signs include merchant names that appear as random strings of characters or payment pages that look inconsistent with the standard user interface.
To support enforcement, GCash is encouraging customers to report suspicious transactions through its official help center or hotline.
The company also maintains a direct line of communication with the Philippine National Police Anti-Cybercrime Group and the CICC to facilitate the prosecution of digital financial crimes. NLMonitor
