Apparently, it’s not just the Bank of the Philippine Islands (BPI) that’s currently being targeted by a smishing campaign. Union Bank of the Philippines (UnionBank) is also facing the same threat to its growing base of digital banking users.

In its recent email advisory, UnionBank warns its clients against cybercriminals who are using text messaging to lure recipients to a phishing site. According to the bank, they’ve been receiving reports of this SMS-based phishing recently.

Similar to phishing sent via email, the content of the text message uses the same tone – there’s an issue with the victim’s account that needs to be verified ASAP to avoid cancellation.

What’s interesting about this particular smishing variant is that the people behind it seem to have planned the campaign carefully.

First, it used the name ‘UnionBank’ as the SMS sender. Instead of using a random 4-digit number or a prepaid number, the culprit managed to run a tool that made the smishing message appear to come from the bank.

Second, to hide the malicious URL that victims would eventually be redirected to, they used a customized short URL from bit.ly. While this isn’t a new tactic at all, it added more legitimacy to the SMS alert. Imagine getting a text message from ‘UnionBank’ containing a link going to https://bit[.]ly/UBVerify. I’m pretty sure a lot would fall prey to this, right?

Third, the phishing page is hosted on a domain almost identical to the official UnionBank domain. The bank’s website is unionbankph[.]com while the phishing domain is unionbnkph[.]com. Pretty smart move!

The UnionBank phishing domain was registered only about a month ago, on March 24, 2020, based on its who.is records. This is the time when most of us are on community quarantine due to COVID-19. If the culprit is based here in the Philippines, he must’ve been taking advantage of this period, when people are mostly at home and rely heavily on technology to do banking transactions.

Fourth, and perhaps one of the best strategies the cybercriminal used for this campaign, was to make it a smishing campaign instead of regular phishing mail. Not only was he able to bypass email anti-spam and web security filtering, he was also able to make the newly purchased domain work perfectly for him on internet-enabled smartphones. If the victim clicks on the bit.ly link and is redirected to the phishing site, the domain still looks exactly like UnionBank’s on mobile phone browsers. The culprit just needs to ensure that the landing page is an exact replica of UnionBank’s online banking site.
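The shortened link and the one-letter-off domain from the second and third points are both things an SMS or web gateway filter can flag. The following is an added example, not code from the original post: it classifies hosts found in a message by edit distance to the bank's real domain. The shortener list, the distance threshold and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumptions: the protected domain comes from the post; the shortener list
# and the distance threshold are illustrative choices, not a vetted policy.
PROTECTED = {"unionbankph.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(/\S*)?", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str, max_dist: int = 2) -> str:
    host = host.lower().rstrip(".")
    # Naive registrable domain: last two labels (fine for .com, not for .com.ph).
    domain = ".".join(host.split(".")[-2:])
    if domain in PROTECTED:
        return "legitimate"
    if domain in SHORTENERS:
        return "shortener"  # destination is hidden; expand it before trusting
    if any(0 < edit_distance(domain, p) <= max_dist for p in PROTECTED):
        return "lookalike"
    return "unknown"


def scan_sms(text: str) -> list[tuple[str, str]]:
    """Return (host, verdict) for every URL-like token in an SMS body."""
    text = text.replace("[.]", ".")  # accept defanged indicators as input
    return [(m.group(1).lower(), classify_host(m.group(1)))
            for m in URL_RE.finditer(text)]


# Constructed sample messages (not real traffic), using domains named in the post.
SAMPLES = [
    "UnionBank: verify your account at https://bit[.]ly/UBVerify",
    "Log in at https://unionbnkph[.]com to avoid cancellation",
    "Visit https://www.unionbankph[.]com for advisories",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(scan_sms(sms), "<-", sms)
```

A "shortener" verdict only means the real destination is unknown; the expanded URL has to go through the same check before the link is treated as safe.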

As of this writing, the UnionBank phishing site is already down. Hopefully, the bank will acquire this domain, as it could be used again for similar malicious activities in the future.

By Fjordan Allego

Fjordan Allego aka Fjordz is an IT security practitioner in the Philippines. He maintains a couple of blogs where he shares his views on various topics that he finds interesting. A self-confessed introvert who's mostly active in social media, Fjordz also loves to travel and explore the wonders of the world.
