After BPI, its rival bank BDO is now being dragged into another possible series of phishing attacks.

BDO’s phishing mail carrying the subject “Account Login Verification!” urges recipients to verify their online account to avoid system interruptions. Since these hackers have been using this old trick over and over again, we can suspect that they’re still able to victimize a lot of account holders.

The culprits behind the recent BPI phishing campaign seem to be the same people behind the new wave of BDO phishing mails. This is evident in the source IP used in the sampled mail that our team received today. Both source IPs belong to the same segment owned by Galaxy Cable Corp in Santo Tomas, Batangas.

The source IP, along with the rest of the IPs under the same segment, has a poor email reputation according to Cisco Talos. It has also been blacklisted, as shown in the photo above.

The link in the phishing mail redirects to a landing page hosted on a compromised Thai website. While it lures victims into believing that they're transacting over a secure connection (the site uses https), the customized BDO landing page, where victims are asked to fill out their account information, asks for too much sensitive information, including their card number, expiration date and security code, which banks often say they won't ask from their customers in any way.
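The two checks described above (tying a sample to a known sender segment, and noticing that an https link points somewhere other than the bank) can be scripted for mail triage. The Python below is an added example, not part of the original post; every IP, hostname, the border MX name and the segment are constructed placeholders.

```python
import email
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: documentation-range IPs and .example hostnames only.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP; Mon, 1 Jan 2018 10:00:02 +0800
Received: from mail.bank.example (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP; Mon, 1 Jan 2018 10:00:01 +0800
From: "Bank" <no-reply@bank.example>
Subject: Account Login Verification!
Content-Type: text/plain

Verify your account: https://compromised-site.example/login.php
"""
# Placeholder for the segment recorded from an earlier campaign sample.
KNOWN_SEGMENTS = [ipaddress.ip_network("203.0.113.0/24")]


def sender_ip(msg, border_mx):
    """Peer IP logged by our own border MX; lower hops are sender-written and forgeable."""
    for hdr in msg.get_all("Received", []):
        hdr = " ".join(hdr.split())  # undo header folding
        m = re.search(r"\[([0-9A-Fa-f.:]+)\]\)? by (\S+)", hdr)
        if m and m.group(2).lower() == border_mx:
            return ipaddress.ip_address(m.group(1))
    return None


def offbrand_hosts(msg, brand_domain):
    """Hosts of links that are not the bank's domain, whether https or not."""
    hosts = [urlparse(u).hostname or "" for u in re.findall(r"https?://\S+", msg.get_payload())]
    return [h for h in hosts if h != brand_domain and not h.endswith("." + brand_domain)]


def triage(raw, border_mx, segments, brand_domain):
    msg = email.message_from_string(raw)
    ip = sender_ip(msg, border_mx)
    seg = next((n for n in segments if ip is not None and ip in n), None)
    return {"ip": str(ip) if ip is not None else None,
            "segment": str(seg) if seg is not None else None,
            "offbrand_hosts": offbrand_hosts(msg, brand_domain)}


if __name__ == "__main__":
    print(triage(SAMPLE, "mx.recipient.example", KNOWN_SEGMENTS, "bank.example"))
```

The sender IP is read only from the Received header written by the recipient's own border server, since earlier hops are supplied by the sender.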

These attempts by cybercriminals to get hold of your account information will continue to rise if they’re still getting money out of these tricks. We all have to be extra careful and vigilant when doing financial transactions online.

Fjordan Allego

Fjordan Allego aka Fjordz is an IT security practitioner in the Philippines. He maintains a couple of blogs where he shares his views on various topics that he finds interesting. A self-confessed introvert who's mostly active in social media, Fjordz also loves to travel and explore the wonders of the world.
