UnionBank warns against smishing

Apparently, it’s not just the Bank of the Philippine Islands (BPI) that is currently being targeted by a smishing campaign. Union Bank of the Philippines (UnionBank) is facing the same threat to its growing base of digital banking customers.

In its recent email advisory, UnionBank warns its clients against cybercriminals who are using text messages to lure recipients to a phishing site. According to the bank, it has been receiving reports of this SMS-based phishing recently.

Similar to phishing sent via email, the text message uses the same tone: there’s an issue with the victim’s account that must be verified as soon as possible to avoid cancellation.

What’s interesting about this particular smishing variant is that the people behind it appear to have planned the campaign carefully.

First, it used the name ‘UnionBank’ as the SMS sender. Instead of using a random 4-digit number or a prepaid number, the culprit managed to run a tool that made the smishing message appear to have been sent by the bank.

Second, to hide the malicious URL to which victims would eventually be redirected, they used a customized bit.ly short link. While this isn’t a new tactic at all, it added more legitimacy to the SMS alert. Imagine getting a text message from ‘UnionBank’ containing a link to https://bit[.]ly/UBVerify. I’m pretty sure a lot would fall prey to this, right?

Third, the phishing page is hosted on a domain almost identical to UnionBank’s official one. The bank’s website is unionbankph[.]com, while the phishing domain is unionbnkph[.]com. Pretty smart move!

The UnionBank phishing domain was registered only about a month ago, on March 24, 2020, based on its who.is records. This is a time when most of us are under community quarantine due to COVID-19. If the culprit is based here in the Philippines, he must have been taking advantage of a period when people are mostly at home and rely heavily on technology for their banking transactions.
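The one-letter difference between unionbankph[.]com and unionbnkph[.]com is the kind of lookalike a defender can catch automatically. The following is an added example, not code from the post or from UnionBank: it scores a hostname’s registrable label against a list of protected brand domains using optimal string alignment distance (insert, delete, substitute, or swap two adjacent letters). The brand list and the `max_distance` threshold are assumptions; the sample hosts other than the two from the post are constructed.

```python
"""Flag lookalike (typosquat) domains against a list of legitimate brand domains."""


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: counts insertions, deletions,
    substitutions and transpositions of adjacent characters, so a dropped
    letter (unionbnkph) or swapped letters (unoinbankph) both score 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def registrable_domain(host: str) -> str:
    """'login.unionbnkph.com' -> 'unionbnkph.com'. Naive last-two-labels split;
    fine for .com-style names, would need a public suffix list for co.uk etc."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def classify_domain(host: str, brands, max_distance: int = 2) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a hostname.
    Only an exact registrable-domain match is legitimate; a near-miss label
    (or the right label on the wrong TLD) is a lookalike."""
    dom = registrable_domain(host)
    label = dom.split(".")[0]
    for brand in brands:
        if dom == brand:
            return "legitimate"
        if osa_distance(label, brand.split(".")[0]) <= max_distance:
            return "lookalike"
    return "unrelated"


BRANDS = ["unionbankph.com"]  # assumed protected-brand list

if __name__ == "__main__":
    # Constructed sample hosts, as they might appear in reported SMS links
    for host in ["unionbankph.com", "unionbnkph.com", "unoinbankph.com",
                 "login.unionbankph.net", "example.org"]:
        print(f"{host:24} -> {classify_domain(host, BRANDS)}")
```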

Fourth, and perhaps the best strategy the cybercriminal used in this campaign, is making it a smishing attack instead of a regular phishing email. Not only was he able to bypass email anti-spam and web security filtering, he was also able to leverage the newly purchased domain so that it works perfectly on internet-enabled smartphones. If the victim taps the bit.ly link and is redirected to the phishing site, the domain still looks exactly like UnionBank’s in mobile phone browsers. The culprit just needs to ensure that the phishing landing page is an exact replica of UnionBank’s online banking site.

As of this writing, the UnionBank phishing site is already down. Hopefully the bank will acquire this domain, as it could be used again for similar malicious activity in the future.

Fjordan Allego