BPI phishing mails resurface

Bank of the Philippine Islands (BPI) is once again the subject of the recent phishing campaign sent last weekend. Carrying the subject “Account Security Alert Notification”, the concerned email is forcing recipients to update their account information by clicking a specified link.

The malicious link embedded in the spam mail belongs to a legit domain. Although the site has a valid certificate that makes it appear to be secured, the domain may have been compromised and was subsequently used to host the bank’s phishing page.

As of this writing, the page remains up and running. Based on VirusTotal, most web filtering services still tag the site as clean possibly because of the legitimacy of the domain. We have already requested a re-categorization of the specified link in several security vendors.

Looking at the mail header, the source IP came within the Philippines specifically in Santo Tomas, Batangas. Cisco Talos rated the IP as “Poor” and is currently blacklisted in Spamhaus.

Phishing campaign like this is just one of the major attacks that threaten the cyber landscape in the Philippines targetting clients of financial institutions. While banks, in general, are already cascading information security awareness on a regular basis, there would still be a handful of people who would fall victims on this. Apart from making sure that your devices where you access your bank accounts have security software installed, it still doesn’t hurt to be extra vigilant.


Fjordan Allego
Follow me

Related Posts:


  1. […] culprits behind the recent BPI phishing campaign seemed to be the same people behind the new wave of BDO phishing mails. This is evident in the […]

  2. […] week after we have spotted the resurface of BPI phishing emails, a new variant came next with the subject “Automated System Verification [ BPI ]”. The […]

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.