I got an email disguised as a BPI Express Online official mail. It was a phishing attempt targetted at BPI clients.
E-mail subject: “Confirm Your Account”
Message:
Dear Customer,
BPI Express continue to provide security controls to protect information about you, we believe it is extremely important for you to share in the responsibility for security. Notice to ensure that only you have access your BPI Express online account and to ensure a safe experience, we require for your account information for better security.To verify your Information at this time, please visit our secure server webform by clicking the link below…
http s :// w ww.bpiexpressonline. com/accountactivi ties-logon/
If I wasn’t vigilant, I could have fallen for it. But the URL of the link (when clicked) turned out to be an external URL (not within bpiexpressonline.) That was the give-away.
My tips to spot a phishing attempt:
- e-mail comes from a “stranger”, an un-familiar sender
- It asks for sensitive information (e.g. username, password, credit card information)
- It asks you to open a URL or file that is un-familiar to you (thus, NOT trustworthy, given the sensitive information it asks for).
What to do when you receive a phishing attempt:
- Ignore. If you don’t give out sensitive info, you should be safe
- Report. Gmail has a phishing report feature. This helps Netizens fight back against phishing.
- Be vigilant, inform your friends and loved ones about this modus operandi.
Folks at BPI Express Online should be more pro-active in avoiding phishing and online banking fraud for the sake of BPI Clients. What they can do: Keep customers informed, help their customers remain vigilant of these phishing attempts.
Who has a contact at BPI Express Online? Could you forward this article to them?
ka edong
online bangking
Popularity: 5% [?]
{ 8 comments… read them below or add one }
pls forward the email to expressonline@bpi.com.ph. I hope you haven’t deleted it yet.
thanks for the info.
Hi Marbles,
My email to expressonline@bpi.com.ph bounced.
Better yet, BPI should visit the phishing website (mbdo.de ) and trace from there.
Hi ka edong,
Have you had success contacting BPI about this? I know a lot of people from BPI.
Can you forward me a copy of the email, complete with the headers? I’ll try to trace back the IP and compare it with a list that I have. Send it to the email associated with this account.
I think Pinoys should really be aware what phishing is. Those unaware can easily fall for these traps.
More info on phishing attempts targeted to PayPal and eBay users are posted in Pinoy Money Talk.
Unfortunately, I don’t have the email anymore. I don’t recall deleting it. I think Gmail may have automatically deleted it after I sent a phishing report.
Suggest you take a look at the screenshot, trace it through the URL of the phishing site.
Please forward this article to your BPI contacts. Thanks
goodluck!
dear sirs,
The BPI had my Speedlink Courier Service courier mail document sent to me how can i claim my cheque. the document were signed below the sender’s email address: . this document were processed by the Yahoo!UKIE server and authenticated by server you can check out the document to them and read its full headers. i have requested them to collect in my behalf then the 60% will be to them.
Hi espiridion,
I don’t understand your message.
Are you asking for my help? What, specifically?
Hello. I read your blog about Corregidor Island. Is it possible to go there without joining a tour? We’re on a budget of 6 pax. Can we just take the ferry, hire a tour when we reach there & bring our own lunch? Thanks.
huhuhu.. di ko ma access bpiexpressonline.com pero pag ibang IP na a-access ko. waaaaaaaaa! u think banned ang IP ko sa BPI?
{ 3 trackbacks }