.

Phishing attempt at BPI Express Online users

January 13th, 2007 | by ka edong |

I got an email disguised as a BPI Express Online official mail. It was a phishing attempt targetted at BPI clients.

E-mail subject: “Confirm Your Account”

Message:

Dear Customer,
BPI Express continue to provide security controls to protect information about you, we believe it is extremely important for you to share in the responsibility for security. Notice to ensure that only you have access your BPI Express online account and to ensure a safe experience, we require for your account information for better security.

To verify your Information at this time, please visit our secure server webform by clicking the link below…
http s :// w ww.bpiexpressonline. com/accountactivi ties-logon/

BPI Epress Online account phishing

If I wasn’t vigilant, I could have fallen for it. But the URL of the link (when clicked) turned out to be an external URL (not within bpiexpressonline.)  That was the give-away.

My tips to spot a phishing attempt:

  • e-mail comes from a “stranger”, an un-familiar sender
  • It asks for sensitive information (e.g. username, password, credit card information)
  • It asks you to open a URL or file that is un-familiar to you (thus, NOT trustworthy, given the sensitive information it asks for).

What to do when you receive a phishing attempt:

  • Ignore. If you don’t give out sensitive info, you should be safe
  • Report. Gmail has a phishing report feature. This helps Netizens fight back against phishing.
  • Be vigilant, inform your friends and loved ones about this modus operandi.

Folks at BPI Express Online should be more pro-active in avoiding phishing and online banking fraud for the sake of BPI Clients. What they can do: Keep customers informed, help their customers remain vigilant of these phishing attempts.

Who has a contact at BPI Express Online? Could you forward this article to them?

ka edong
online bangking

Popularity: 5% [?]

organic seo
  • Share/Bookmark
Popularity: 5% [?]

    Related Articles on Technobiography:
  • No related posts.
    		•

    1. 11 Responses to “Phishing attempt at BPI Express Online users”

    2. By marbles on Jan 17, 2007 | Reply

      pls forward the email to expressonline@bpi.com.ph. I hope you haven’t deleted it yet.

      thanks for the info.

      [Reply]

    3. By ka edong on Jan 17, 2007 | Reply

      Hi Marbles,

      My email to expressonline@bpi.com.ph bounced.

      Better yet, BPI should visit the phishing website (mbdo.de ) and trace from there.

      [Reply]

    4. By pinoymoneytalk on Jan 25, 2007 | Reply

      Hi ka edong,

      Have you had success contacting BPI about this? I know a lot of people from BPI.

      Can you forward me a copy of the email, complete with the headers? I’ll try to trace back the IP and compare it with a list that I have. Send it to the email associated with this account.

      I think Pinoys should really be aware what phishing is. Those unaware can easily fall for these traps.

      More info on phishing attempts targeted to PayPal and eBay users are posted in Pinoy Money Talk.

      [Reply]

    5. By ka edong on Jan 25, 2007 | Reply

      Unfortunately, I don’t have the email anymore. I don’t recall deleting it. I think Gmail may have automatically deleted it after I sent a phishing report.

      Suggest you take a look at the screenshot, trace it through the URL of the phishing site.

      Please forward this article to your BPI contacts. Thanks

      goodluck!

      [Reply]

    6. By espiridion d. de la cruz jr. on Jun 11, 2008 | Reply

      dear sirs,

      The BPI had my Speedlink Courier Service courier mail document sent to me how can i claim my cheque. the document were signed below the sender’s email address: . this document were processed by the Yahoo!UKIE server and authenticated by server you can check out the document to them and read its full headers. i have requested them to collect in my behalf then the 60% will be to them.

      [Reply]

    7. By ka edong on Jun 11, 2008 | Reply

      Hi espiridion,
      I don’t understand your message.
      Are you asking for my help? What, specifically?

      [Reply]

    8. By lynnette on Aug 29, 2008 | Reply

      Hello. I read your blog about Corregidor Island. Is it possible to go there without joining a tour? We’re on a budget of 6 pax. Can we just take the ferry, hire a tour when we reach there & bring our own lunch? Thanks.

      [Reply]

    9. By jehzlau on May 18, 2009 | Reply

      huhuhu.. di ko ma access bpiexpressonline.com pero pag ibang IP na a-access ko. waaaaaaaaa! u think banned ang IP ko sa BPI?

      [Reply]

    1. 3 Trackback(s)

    2. Feb 3, 2007: Technobiography » BPI smells something Phishing
    3. Feb 4, 2007: BPI warns users against phishing emails at Pinoy Money Talk - Make Money Online and Offline
    4. Oct 4, 2007: Technobiography » Phishing attempts on Gmail Accounts

    Post a Comment


    CommentLuv Enabled


    Subscribe without commenting