Phishing attempt at BPI Express Online users
Published on 13 Jan 2007 at 8:58 am.
7 Comments.
Filed under TechTips, Nets, Webs, Infostructure.
I got an email disguised as a BPI Express Online official mail. It was a phishing attempt targetted at BPI clients.
E-mail subject: “Confirm Your Account”
Message:
Dear Customer,
BPI Express continue to provide security controls to protect information about you, we believe it is extremely important for you to share in the responsibility for security. Notice to ensure that only you have access your BPI Express online account and to ensure a safe experience, we require for your account information for better security.To verify your Information at this time, please visit our secure server webform by clicking the link below…
http s :// w ww.bpiexpressonline. com/accountactivi ties-logon/
If I wasn’t vigilant, I could have fallen for it. But the URL of the link (when clicked) turned out to be an external URL (not within bpiexpressonline.) That was the give-away.
My tips to spot a phishing attempt:
- e-mail comes from a “stranger”, an un-familiar sender
- It asks for sensitive information (e.g. username, password, credit card information)
- It asks you to open a URL or file that is un-familiar to you (thus, NOT trustworthy, given the sensitive information it asks for).
What to do when you receive a phishing attempt:
- Ignore. If you don’t give out sensitive info, you should be safe
- Report. Gmail has a phishing report feature. This helps Netizens fight back against phishing.
- Be vigilant, inform your friends and loved ones about this modus operandi.
Folks at BPI Express Online should be more pro-active in avoiding phishing and online banking fraud for the sake of BPI Clients. What they can do: Keep customers informed, help their customers remain vigilant of these phishing attempts.
Who has a contact at BPI Express Online? Could you forward this article to them?
ka edong
online bangking
-
Related Articles on Technobiography:
marbles on 17 Jan 2007 at 1:45 am: 1
pls forward the email to expressonline@bpi.com.ph. I hope you haven’t deleted it yet.
thanks for the info.
ka edong on 17 Jan 2007 at 2:33 pm: 2
Hi Marbles,
My email to expressonline@bpi.com.ph bounced.
Better yet, BPI should visit the phishing website (mbdo.de ) and trace from there.
pinoymoneytalk on 25 Jan 2007 at 3:34 pm: 3
Hi ka edong,
Have you had success contacting BPI about this? I know a lot of people from BPI.
Can you forward me a copy of the email, complete with the headers? I’ll try to trace back the IP and compare it with a list that I have. Send it to the email associated with this account.
I think Pinoys should really be aware what phishing is. Those unaware can easily fall for these traps.
More info on phishing attempts targeted to PayPal and eBay users are posted in Pinoy Money Talk.
ka edong on 25 Jan 2007 at 7:59 pm: 4
Unfortunately, I don’t have the email anymore. I don’t recall deleting it. I think Gmail may have automatically deleted it after I sent a phishing report.
Suggest you take a look at the screenshot, trace it through the URL of the phishing site.
Please forward this article to your BPI contacts. Thanks
goodluck!
Technobiography » BPI smells something Phishing on 3 Feb 2007 at 3:17 pm: 5
[…] « Phishing attempt at BPI Express Online users […]
BPI warns users against phishing emails at Pinoy Money Talk - Make Money Online and Offline on 4 Feb 2007 at 2:31 pm: 6
[…] An example of a BPI phishing email was posted by Ka Edong in his Technobiography blog. […]
Technobiography » Phishing attempts on Gmail Accounts on 4 Oct 2007 at 11:42 pm: 7
[…] Phishing attempt at BPI Express Online usersSending big Gmail attachmentsGmail Mobile gets the job doneGmail Chat - IM not excitedBPI smells something Phishing […]