Training by example · Information, not advice
Spot the scam
The texts, calls and QR codes that target people sending money home rely on one thing: that you act before you check. This walks eight teaching reconstructions of patterns GCash, the DTI, the DMW, the US FTC and CISA have documented. Call each one, see the tells right away, and read what each source says and where it says to report it. It runs in your browser; nothing you tap is sent or stored.
Training by example · 8 messages
Could you spot it?
Eight messages of the kind that reach OFWs and the people sending money home. For each one, call it: ordinary, or a scam. You’ll see the tells straight away, what GCash, the DTI, the DMW, the FTC and CISA say about that pattern, and where each agency says to report it. These are teaching reconstructions, not anyone’s real message — and no checklist makes you scam-proof.
Runs entirely in your browser. Nothing is sent, stored, or seen by anyone.
The interactive scorer needs JavaScript. Below is every specimen with its verdict, the tells, the source and where to report it — as a static list.
Good day from GCash. Your account is under review and will be limited within 24 hours. Verify now to keep your wallet active: gcash-verify-ph.com/secure
Scam — a spoofed-sender “verify your account” link.
The tells
- Sender ID is spoofed, so a fake message can sit in the same thread as real GCash texts
- A link that asks you to “verify” — the domain is gcash-verify-ph.com, not gcash.com
- Manufactured urgency (“within 24 hours”) to stop you checking
What the source says
GCash’s Help Center states GCash never sends account links by SMS and never asks you to verify your account through a texted link, MPIN or OTP. Confirm with GCash Help Center — How can I protect my GCash account?
Report it via GCash hotline 2882 or help.gcash.com; you can also report scams to the CICC hotline 1326.
BUREAU OF CUSTOMS: Your balikbayan box (Ref BX-4471) is held pending duties. Pay ₱3,500 clearance to GCash 0920••••••• within today to avoid disposal.
Scam — “your box is held, pay a fee” to a personal number.
The tells
- Payment demanded to a personal GCash number, not an official channel
- Pressure to pay “today” or lose the box
- A customs reference that you can’t verify with the courier
What the source says
The DTI warns of holiday balikbayan-box scams where senders are asked to pay fake fees; the Bureau of Customs states duties and taxes are collected only through Accredited Agent Banks, never personal accounts. DTI — Stay vigilant against balikbayan box scams
Check the box status with your courier directly; report to DTI (Fair Trade Enforcement Bureau) and the CICC hotline 1326.
[Image: “GCash — Sent ₱2,000.00 to you. Ref 9921•••”] Sent na po! Pa-release na po ng item, nagmamadali po ako, salamat!
Scam — a forged “proof of payment” screenshot.
The tells
- The “proof” is a screenshot/image, not money you can see in your own app
- Rushing you to release the item before you check
- No matching entry in your GCash Transactions tab
What the source says
GCash has warned the public about AI-generated fake GCash receipts and states a payment should always be confirmed in your own app’s Transactions tab, not from a sent screenshot. Confirm with GCash / Mynt newsroom — fake-receipt scams advisory
Confirm the credit in your own GCash Transactions tab before releasing anything; report a scam via GCash 2882.
URGENT HIRING — Hotel staff in Canada, no experience needed, salary CAD 3,500. Limited slots. Processing/visa fee ₱28,000 to reserve your slot, payable today via e-wallet.
Scam — an upfront-fee overseas “job offer”.
The tells
- A fee demanded before any deployment, paid to an e-wallet
- Recruiting only through a social-media page
- Agency and job order can’t be verified on the DMW website
What the source says
The DMW warns that social media is used to lure OFWs into recruitment scams and that agencies and job orders should be verified on the DMW website; legitimate licensed agencies do not collect placement fees this way. PIA / DMW — Social media used to lure OFWs into recruitment scams
Verify the agency and job order on the DMW website; report illegal recruitment to the DMW hotline 1348.
“Ma, ako ’to — na-accident ako, nasa ospital. Kailangan ko ng ₱40,000 ngayon para sa deposit. Wag mong sabihin kay Papa, ipadala mo na lang agad sa number na ito.”
Scam — an urgent “family emergency”, possibly a cloned voice.
The tells
- Extreme urgency plus secrecy (“don’t tell Papa”)
- An unusual payment to a new number, right now
- A familiar-sounding voice — short clips can be used to clone one
What the source says
The US FTC describes family-emergency scams and warns that scammers can use AI to clone a familiar voice from short audio; it describes verifying by calling the person back on a known number and using a family code word. US FTC — Scammers use fake emergencies / voice cloning
Hang up and call the relative back on their known number; agree a family code word. Cyber-incidents can be reported to PNP-ACG or the CICC hotline 1326.
[QR code] “Scan to claim your ₱1,000 GCash reward!” The QR opens a login page at gcash-payments.com asking for your number and MPIN.
Scam — “quishing”: a QR to a look-alike login page.
The tells
- A look-alike domain (gcash-payments.com), not the official payments.gcash.com
- A page asking for your MPIN — login pages never need your MPIN typed into a website
- A “reward” you didn’t expect, claimed by scanning
What the source says
GCash has flagged “quishing” QR scams and describes look-alike URLs and unrelated merchant names as signs of a fake page; it states it never asks for your MPIN on a web page. Confirm with GCash advisory on “quishing” QR scams (via Philstar/Manila Bulletin)
Don’t enter anything; report a scam via GCash 2882 and the CICC hotline 1326.
You have received PHP 1,500.00 from JUAN D. (•••• 4471). Ref No. 1029•••••. Your new balance is PHP 3,210.00. Thank you for using GCash.
Looks like a normal notice — no link, no request, verify in-app.
Why it reads as ordinary
- No link to click and nothing to “verify”
- It does not ask for your MPIN, OTP or password
- It states a reference you can match in your own Transactions tab
What the source says
GCash’s Help Center states GCash never asks for your MPIN or OTP and never sends account links; a routine notice carries none of those. The safe check is to open the app yourself and match the reference — a notice alone is not proof. Confirm with GCash Help Center — How can I protect my GCash account?
Open GCash yourself and confirm the entry in the Transactions tab — never act on the SMS alone.
LBC: Your shipment 3155•••••• is out for delivery today and will arrive between 1–5 PM. Track at lbcexpress.com/track. No payment is required.
Looks ordinary — official domain, no fee, no credential ask.
Why it reads as ordinary
- The link domain matches the courier’s real site (lbcexpress.com)
- It asks for no payment and no personal codes
- It matches a shipment you were actually expecting
What the source says
CISA describes phishing red flags as unexpected requests, urgency, and links that mismatch the real organisation; a message with none of these, for something you expected, shows none of those signals. CISA still advises typing the address yourself if unsure rather than tapping the link. CISA — Recognize and Report Phishing
If unsure, type the courier’s address yourself instead of tapping the link, and track with the reference number.
Make a call to see the answer.
Scammers change their wording, numbers and channels constantly. A good run here is practice, not protection — when a message involves money, confirm it with the provider or agency on a channel you looked up yourself.
Your recap
- Verify SMS Scam — a spoofed-sender “verify your account” link. Confirm with GCash Help Center — How can I protect my GCash account?
- Customs fee Scam — “your box is held, pay a fee” to a personal number. DTI — Stay vigilant against balikbayan box scams
- Fake receipt Scam — a forged “proof of payment” screenshot. Confirm with GCash / Mynt newsroom — fake-receipt scams advisory
- Job offer Scam — an upfront-fee overseas “job offer”. PIA / DMW — Social media used to lure OFWs into recruitment scams
- Emergency call Scam — an urgent “family emergency”, possibly a cloned voice. US FTC — Scammers use fake emergencies / voice cloning
- QR reward Scam — “quishing”: a QR to a look-alike login page. Confirm with GCash advisory on “quishing” QR scams (via Philstar/Manila Bulletin)
- Normal notice Looks like a normal notice — no link, no request, verify in-app. Confirm with GCash Help Center — How can I protect my GCash account?
- Delivery update Looks ordinary — official domain, no fee, no credential ask. CISA — Recognize and Report Phishing
Sources — checked, dated
Check these on the official page
Some providers’ pages can’t be checked automatically, and only the provider can show what’s true today. For anything marked “Confirm with …”, open its official page below and read it yourself.
Sources checked
Sourced & dated information — not financial or immigration advice. Our sources & ranking policy.