Bulacan website hacked to host BDO phishing page

A recent phishing campaign involving BDO is particularly interesting as the culprits used a government-hosted website to spread the malicious email. The website of the province of Bulacan was first compromised to host the landing page of this phishing incident.

Facebook user Crystel VT first posted screenshots of the BDO phishing mail on her timeline. At first glance, it may look exactly like its legitimate counterpart, but closer inspection reveals many red flags. The good thing is, Crystel isn’t gullible enough to believe it.

In her post, Crystel wondered how these people managed to get hold of her email address. While the question is valid, the more pressing question is: how did these hackers compromise Bulacan’s official website?

The thing is, most of our government websites aren’t really secure to begin with. While the government’s efforts to raise cybersecurity awareness are a good initial step, we still have a long way to go to establish a good reputation for our government-managed websites.

Bulacan’s website has been repeatedly targeted due to the poor security in place. Remember the April Lulz event of Pinoy LulzSec? Bulacan’s website was compromised there for two straight years, 2018 and 2019.

Tzar Umang, another concerned netizen, shared his dismay over the incident. He urged the Department of Information and Communications Technology (DICT) “to take a look at the security of different gov.ph sites” for vulnerabilities.

In a private conversation, Crystel said that she already reported this to BDO. The phishing URL has since been taken down.

Fjordan Allego

Fjordan Allego aka Fjordz is an IT security practitioner in the Philippines. He maintains a couple of blogs where he shares his views on various topics that he finds interesting. A self-confessed introvert who's mostly active in social media, Fjordz also loves to travel and explore the wonders of the world.