After BPI, its rival bank BDO is now being dragged into another possible series of phishing attacks.
BDO’s phishing mail carrying the subject “Account Login Verification!” urges recipients to verify their online account to avoid system interruptions. Since these hackers have been using this old trick over and over again, we can suspect that they’re still able to victimize a lot of account holders.
The culprits behind the recent BPI phishing campaign seem to be the same people behind the new wave of BDO phishing mails. This is evident in the source IP of the sample mail that our team received today. Both source IPs belong to the same segment owned by Galaxy Cable Corp in Santo Tomas, Batangas.
The source IP, along with the rest of the IPs in the same segment, has a poor email reputation according to Cisco Talos. It has also been blacklisted, as shown in the photo above.
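One way to repeat the source-IP comparison described above on your own mail samples, as an added example that is not part of the original post. The messages are constructed, the addresses come from the RFC 5737 documentation ranges, the host names are hypothetical, and the /24 segment size is an assumption because the post does not state one.

```python
import ipaddress
import re
from email import message_from_string

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw_message, internal_nets):
    """Return the first non-internal peer IP recorded in the Received chain.

    Received headers are read top-down (newest first), so the first external
    address is the one our own border MTA saw; older hops can be forged.
    """
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        for candidate in BRACKETED_IPV4.findall(header):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:  # malformed literal such as [999.1.1.1]
                continue
            if not any(ip in net for net in internal):
                return ip
    return None

def same_segment(ip_a, ip_b, prefix_len=24):
    """True when both addresses fall inside the same /prefix_len network."""
    if ip_a is None or ip_b is None:
        return False
    segment = ipaddress.ip_network(f"{ip_a}/{prefix_len}", strict=False)
    return ip_b in segment

def sample(peer_ip, subject):
    # Constructed message: documentation addresses, hypothetical host names.
    return (
        "Received: from mx.corp.example ([10.0.0.5])\n"
        " by store.corp.example with ESMTP\n"
        f"Received: from unknown ([{peer_ip}])\n"
        " by mx.corp.example with ESMTP\n"
        "Received: from forged.example ([198.51.100.7])\n"
        " by relay.forged.example with SMTP\n"
        f"Subject: {subject}\n\nbody\n"
    )

INTERNAL = ["10.0.0.0/8"]  # assumption: the recipient's own mail servers
bpi_ip = connecting_ip(sample("203.0.113.45", "Constructed BPI lure"), INTERNAL)
bdo_ip = connecting_ip(sample("203.0.113.201", "Account Login Verification!"), INTERNAL)
other_ip = connecting_ip(sample("192.0.2.9", "Constructed unrelated mail"), INTERNAL)

if __name__ == "__main__":
    print(bpi_ip, bdo_ip, "same segment:", same_segment(bpi_ip, bdo_ip))
```

A shared segment links two samples to the same network, not necessarily to the same sender, so treat it as one signal alongside reputation data such as the Talos lookup mentioned above.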
The landing page of the phishing mail redirects to a compromised Thai website. Although it leads victims to believe that they’re transacting over a secure connection (the site uses HTTPS), the customized BDO landing page, where victims are asked to fill out their account information, asks for too much sensitive information, including their card number, expiration date and security code, which banks often say they will never ask for from their customers.
These attempts by cybercriminals to get hold of your account information will continue to rise if they’re still getting money out of these tricks. We all have to be extra careful and vigilant when doing financial transactions online.