A new, active smishing campaign is targeting clients of Banco De Oro (BDO). The most recent report we received came in just last night, with almost the same content as the previous variants released this year.
Just this April, UnionBank clients were hit by an SMS-based phishing attack, prompting the Aboitiz-led bank to release an advisory. Another wave of this attack was seen towards the end of August.
Ayala’s Bank of the Philippine Islands (BPI) was also not spared as cybercriminals sent out SMS with a malicious link when the pandemic-induced lockdown started in Metro Manila.
The culprits are now eyeing BDO. This turn may not be surprising given that the bank is one of the largest in the Philippines.
This recent surge of smishing attacks is clearly attributable to the increasing number of Filipinos relying on digital banking during the pandemic. BPI, for instance, reported that digital transactions rose to 90 percent, versus 72 percent prior to the pandemic.
It seems the rise of smishing-related threats will continue. While checking the BDO smishing sample, we found newly created domains that may have been bought for similar campaigns. The majority of these domains were malicious variants of UBP and BDO.
The following are the malicious banking domains associated with the IP 163[.]44[.]136[.]225:
The IP and domains were already reported to security vendors for blocking. We will also notify the involved banks regarding these findings for the active domains.
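The pattern in these findings, a bank's name combined with a lure word such as "verify" or "update" on a newly created domain, can be used to screen a feed of newly registered names. The following Python example is added here and is not code from the original post; the brand tokens, official-domain allowlist, lure words and sample feed are assumptions constructed for illustration.

```python
import re

# Assumption: illustrative brand tokens and official domains; confirm each
# bank's real domains before relying on this allowlist.
BRANDS = {
    "bdo": {"bdo.com.ph"},
    "unionbank": {"unionbankph.com"},
    "metrobank": {"metrobank.com.ph"},
    "bpi": {"bpi.com.ph"},
}
# Lure words of the kind that accompany the brand name in lookalike domains.
LURES = ("verify", "update", "upgrade", "secure", "validate", "online", "login", "portal")

def refang(indicator):
    """Turn a defanged indicator (hxxp, [.]) into a bare lowercase hostname."""
    text = indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    return re.sub(r"^[a-z]+://", "", text).split("/")[0].rstrip(".")

def classify(indicator):
    """Return a finding dict for a brand lookalike, or None if nothing is flagged."""
    host = refang(indicator)
    for brand, official in BRANDS.items():
        if brand not in host:
            continue
        # The official domain only counts when it is the registrable suffix,
        # not when it appears as a left-hand label of another domain.
        if any(host == d or host.endswith("." + d) for d in official):
            return None
        lures = [w for w in LURES if w in host.replace(brand, "")]
        if lures:  # brand token alone is too noisy ("abdomen" contains "bdo")
            return {"host": host, "brand": brand, "lures": lures}
    return None

def scan(feed):
    """Classify every indicator in the feed and keep only the findings."""
    return [f for f in map(classify, feed) if f]

# Constructed sample feed of newly registered names (not taken from any real list).
SAMPLE_FEED = [
    "bdo-onlineverify[.]example",
    "hxxps://secure-unionbankph[.]example/login",
    "www[.]bdo[.]com[.]ph",
    "bdo.com.ph.verify-login[.]example",
    "abdomen-clinic[.]example",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_FEED):
        print(finding)
```

Substring matching on short tokens such as "bdo" still produces false positives when an unrelated name also contains a lure word, so findings are candidates for analyst review rather than automatic blocks.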
Credits: BDO FB Page (for the main photo) and Mr. James Chris Uy (for the BDO smishing copy)
It’s alarming how many phishing scams have risen since this pandemic began. It’s also infuriating how people can take advantage of others! It’s always good to be careful when doing online bank transactions, as you just don’t know if your hard-earned money is being targeted and stolen. Thanks for sharing this!