Bank of the Philippine Islands Email Fraud Scheme

To my fellow BPI account holders: you may receive emails from BPI from time to time, such as confirmations of fund transfer transactions, bills payments and many more.

About 3 days ago (9/13/17) as of this posting, I received an email titled "BPI - Account Verification" with the following content. See also the screenshot.

Dear Valued Client,

We detected multiple access on your BPI Express Online (EOL) Account from different IP Address,We Temporarily Locked your Account inorder to Protect you from Potential Fraud. If you wish to Unlock your account and start transacting again.

Please Click the Link below and Verify your Account. 
We thank you for your trust and every day we will strive hard to keep that trust. This is why we, in BPI, continuously improve our services to ensure the best quality of service and the highest security of your finances.
We sincerely appreciate your patience and understanding throughout this experience. Real stories about how you, our customers, have given our branch personnel words of encouragement, gestures of kindness, and show of support kept us going. Thank you so much for inspiring us to continue to make the best happen for you and your loved ones.
             
Maraming, Maraming Salamat!
Cezar P. Consing
President and CEO



Based on the email content, nothing is really suspicious. Even the address it came from looks very legit because it's Bank of the Philippine Islands <expressonline@bpi.com.ph>, for God's sake! Who would ever think it's spam or fraud?

Now, at the bottom of the email there is a Verify my Account button. Since I was suspicious about the email, I checked the link behind the button. It turns out that it will redirect you to a non-BPI website. Why a non-BPI website? Obviously, its address: https://secure1.bpiexpresonllineph.com/AuthFiles/. Notice something? Below is an image for a clearer illustration.

The official address that BPI uses is bpiexpressonline.com, so if you don't see that in the links of the email you received, don't ever click them.
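The link check described above can be automated. The following is an added example, not part of the original post: it pulls the links out of an HTML email body and classifies each target host as official, lookalike or unrelated. The allowlist, the function names and the edit-distance threshold are assumptions made for this illustration, and the sample email body is constructed from the link quoted in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist: the bank's online-banking domain and the domain of the
# sender address quoted in the post. Adjust to the bank's published domains.
OFFICIAL = ("bpiexpressonline.com", "bpi.com.ph")

# Constructed sample: the button from the email, reduced to its link.
SAMPLE = ('<p>Please Click the Link below and Verify your Account.</p>'
          '<a href="https://secure1.bpiexpresonllineph.com/AuthFiles/">'
          'Verify my Account</a>')

class _Links(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, official=OFFICIAL):
    """Return 'official', 'lookalike' or 'unrelated' for a link target."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Official only if the host IS the domain or a true subdomain of it;
    # a substring test would accept bpiexpressonline.com.other.example.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    labels = host.split(".")
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    # Heuristic threshold: allow about one edit per five characters.
    if any(edit_distance(s, d) <= len(d) // 5 for s in suffixes for d in official):
        return "lookalike"
    return "unrelated"

def check_email(html):
    parser = _Links()
    parser.feed(html)
    return {url: classify(url) for url in parser.hrefs}
```

Calling `check_email(SAMPLE)` labels the link from the email as a lookalike; any result other than "official" means the link does not lead to one of the allowlisted domains.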

Based on the domain registrar record, the domain is newly registered, just this month, and they are possibly just starting their operation to victimize BPI Express clients. See image below.


Another thing to notice about the email is that they attached the name of the BPI president, Cezar Peralta Consing. Is the president of BPI necessary for this kind of email or communication? In my opinion, an email that involves the company's president would be something investor-related, or about an issue with the company that cannot be resolved by the branch manager.

The usual BPI notifications come from the BPI Express Online Team and end as quoted below.

At Your Service,
The BPI Express Online Team

As of this posting, I have visited the link that goes to the fake site, but it displayed an error page, "The site can't be reached". In my opinion, the page would display a form where you fill in your previous password, new password and other information. More savvy users will easily notice that it's unusual, but this scheme will still have a chance to bait some victims.

That's it for now. I ask you to share this post so that many BPI clients will know about this.
