We have been alerted by an ongoing phishing campaign that targets clients and online banking users of the UnionBank of the Philippines. The phishing URL, which is being sent to users in the form of spam, is found hosted on a legitimate but compromised Russian domain. We have also found previous records of the said domain hosting a different phishing page a few days ago.
The spam entices users to visit a certain URL to “reactivate” their account. Once the URL is clicked, users are then directed to the following page:
click to enlarge
This phishing page has closely mimicked the look or template of legitimate pages where users can enter their sensitive banking information. The sample screenshot below is just one of several pages in the UnionBank website that uses the template.
click to enlarge
Once users have entered and submitted their information, a confirmation window pops up and then users are redirected to the legitimate UnionBank website.
click to enlarge
Most UnionBank users have their PayPal accounts tied to their banking accounts, so it is very important to steer clear from emails claiming to be from the bank that ask for banking details. If you, dear Reader, are indeed their client, better call them and inquire about the email you receive just to be sure. It also pays to consult this Anti-Fraud and Anti-Phishing Guidelines page from UnionBank for guidance on how to identify phishing pages from the real ones.
Jovi Umawing
Leave a reply
