Sunday, December 6, 2015

BPI Express Online Phishing Email


I received this email from "expressonline@bpi.com.ph" with the subject line "Credit Card Fraud Alert. Please Verify Your Credit Card Infomations" last night before I went to bed. The email says:


Dear BPI customer,

We have recently detected unusual activities from your credit card. We sent you this email for you to please update all your credit card informations. Your card will be disabled until you complete the verification process. In order to verify your card, please click the given link below.

BPI VERIFICATIONS 


We are hoping for your cooperation. Thank You

Should you have comments, questions or complaints regarding this particular transaction, please e-mail us at support@bpi.com.ph.



Thank you for banking with us!


From the BPI Express Mobile Team



--------------------------------------------------------------------------------------------------------------------------

Want to know more? Visit www.bpiexpressonline.com. Like us on Facebook or follow us on Twitter.

Reminder: Logoff and close the browser after completing your transactions.



I once worked at PayPal, so I know what a phishing email looks like. That was an advantage for me. But not everyone can be as meticulous as those who worked in this department. The hackers made the email look legitimate and were even able to mask the email address so that it appears to come from BPI.

BPI has the so-called "BPI-EOL", which allows you to access your online statement through your PC or other electronic devices. It allows you to do online payments, money transfers to enrolled third parties and many more. However, if you have your BPI EOL activated with the 'Transfer to anyone' option, this may become a big problem when a hacker gets hold of your information.



How was I able to know this is a phishing email?

1. BPI and other banks will always address you with your first and last name. Not with "Dear BPI Customer". (E.g. "Dear Gandara Park,")

2. For any detected unusual credit card transactions, your bank will call you and ask if you did that transaction.

3. I don't have a credit card. (So joke is on you, hacker!)

4. Banks do not allow links in their email to view a certain transaction. They will encourage you to go to their website directly.

5. "Informations" is grammatically incorrect.

6. The "Like us on Facebook or follow us on Twitter" line doesn't have a link. But even if it did, still don't click it.
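
The signs from the list above that a mail filter can check automatically (the spoofed sender, indicators 1, 4 and 5), as an added example that is not part of the original post. The sample message is constructed: its Authentication-Results header and link URL are assumptions, since the post shows only the visible text of the email.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the email quoted in this post. The
# Authentication-Results header and the link URL are made up.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bpi.com.ph
From: BPI Express Online <expressonline@bpi.com.ph>
Subject: Credit Card Fraud Alert. Please Verify Your Credit Card Infomations
Content-Type: text/html; charset="utf-8"

<p>Dear BPI customer,</p>
<p>We have recently detected unusual activities from your credit card.
Your card will be disabled until you complete the verification process.</p>
<p><a href="http://verify.example.net/bpi/login">BPI VERIFICATIONS</a></p>
"""

GENERIC_GREETING = re.compile(r"dear\s+(\w+\s+)?(customer|client|user|member)\b", re.I)
MISSPELLINGS = ("informations", "infomations")  # the two spellings seen in the email

def phishing_indicators(raw):
    """Return the warning signs found in a raw single-part RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    # Spoofed sender: the visible From can be anything, so trust the receiving
    # server's SPF/DKIM/DMARC verdicts rather than the address shown.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{mech}=(\w+)", auth)
        if verdict and verdict.group(1) != "pass":
            findings.append(f"{mech}-{verdict.group(1)}")
    # Indicator 1: greeting that does not use the customer's name.
    if GENERIC_GREETING.search(body):
        findings.append("generic-greeting")
    # Indicator 4: a link, here reported when its host is outside the From domain.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for host in re.findall(r'href="https?://([^/"]+)', body, re.I):
        host = host.lower()
        if host != from_domain and not host.endswith("." + from_domain):
            findings.append(f"link-off-domain:{host}")
    # Indicator 5: spelling mistakes in the subject or body.
    text = (msg.get("Subject", "") + " " + body).lower()
    findings += [f"misspelling:{w}" for w in MISSPELLINGS if re.search(rf"\b{w}\b", text)]
    return findings

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```
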


I've been seeing a lot of news recently about people complaining that they lost a big sum of money even without leaving their houses or going to ATMs. I'm thinking probably these people do online banking and stuff.

But the ATM card tampering is also a different story.

So yes, if you know someone who owns a BPI account and has access to online banking, feel free to share this info.