GCash has blocked more than 4,900 fraudulent merchants linked to “quishing” or QR phishing schemes, as it ramps up efforts to combat online scams and protect users.

In a statement, the mobile wallet operator said scammers use fake QR codes and websites that mimic legitimate GCash payment pages to trick users into sending money or revealing sensitive information.

The company warned that these fraudulent QR codes may appear in posters, emails, receipts, or messages, redirecting users to malicious sites or fake login pages.

GCash said it has taken down suspicious accounts and continues to work with government agencies to curb digital fraud. It also urged users to verify website URLs and merchant details before completing transactions and to report suspicious activities through official channels.

“Scammers are evolving alongside digital payments,” said Miguel Geronilla, chief information security officer at GCash. “We have zero tolerance for these actors and are actively blocking and reporting them to protect our users.”