Rise of smishing attacks vs PH banks

A new active smishing campaign is targeting clients of Banco De Oro (BDO). The most recent report we received came in just last night, with almost the same content as the previous variants released this year.

Just this April, UnionBank clients were hit by an SMS-based phishing attack, prompting the Aboitiz-led bank to release an advisory. Another wave of this attack was seen towards the end of August.

Ayala’s Bank of the Philippine Islands (BPI) was not spared either: cybercriminals sent out SMS messages with a malicious link when the pandemic-induced lockdown started in Metro Manila.

The culprits are now eyeing BDO. This turn may not be surprising given that the bank is one of the largest in the Philippines.

This recent surge of smishing attacks is obviously attributable to the increasing number of Filipinos relying on digital banking during the pandemic. BPI, for instance, reported that digital transactions rose to 90 percent, versus 72 percent prior to the pandemic.

It seems the rise of smishing-related threats will continue. Notably, when we were checking the BDO smishing sample, we found newly created domains that may have been bought for similar campaigns. The majority of these domains were malicious variants of UBP and BDO.

The following are the malicious banking domains associated with the IP 163[.]44[.]136[.]225:


The IP and domains were already reported to security vendors for blocking. We will also notify the involved banks regarding these findings for the active domains.
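The lookalike pattern described above (a bank's name embedded in a newly registered hostname) can be triaged automatically when an SMS is reported. The following is an added example, not code from the original post: it refangs `[.]`-style indicators, extracts hostnames, and flags any host that carries a bank's brand token without being the official domain or a true subdomain of it. The official domains in the allowlist are assumptions to confirm before use, and the sample message and `.example` hostnames are constructed.

```python
import re

# Assumption: each bank's official registrable domain; confirm before relying on it.
OFFICIAL = {
    "bdo": ("bdo.com.ph",),
    "unionbank": ("unionbankph.com",),
    "bpi": ("bpi.com.ph",),
}
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def refang(text):
    """Undo common defanging: hxxp -> http, [.] or (.) -> '.'."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    return re.sub(r"\[\.\]|\(\.\)", ".", text)


def is_official(host, domains):
    """Exact match or true subdomain only; a bare suffix test would pass 'fakebdo.com.ph'."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_host(host):
    """Return (verdict, brand): 'official', 'lookalike' or 'unrelated'."""
    host = host.lower().rstrip(".")
    for brand, domains in OFFICIAL.items():
        if is_official(host, domains):
            return ("official", brand)
    squashed = host.replace("-", "")  # 'union-bank' still contains 'unionbank'
    for brand in OFFICIAL:
        if brand in squashed:
            return ("lookalike", brand)
    return ("unrelated", None)


def scan_sms(text):
    """Extract hostnames from an SMS body (defanged or not) and classify each."""
    return [(h.lower(),) + classify_host(h) for h in HOST_RE.findall(refang(text))]


# Constructed sample message; '.example' is a reserved TLD, not a real indicator.
SAMPLE_SMS = ("BDO Advisory: unusual login detected. Confirm your account at "
              "hxxps://bdo-onlineverify-login[.]example/ph within 24 hours.")

if __name__ == "__main__":
    for host, verdict, brand in scan_sms(SAMPLE_SMS):
        print(f"{host}: {verdict} ({brand})")
```

Substring matching on short brand tokens such as `bpi` will also hit unrelated hosts, so treat a `lookalike` verdict as a triage signal to combine with domain age and hosting IP, not as a final verdict.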

Credits: BDO FB Page (for the main photo) and Mr. James Chris Uy (for the BDO smishing copy)

Fjordan Allego