It seems that scammers are still on a roll even during Valentine’s Day, as research firm Cyren reports that customers of UnionBank were the latest victims of an SMS Phishing attack, where they were offered Php 10,000 as a treat for being a “loyal customer” of the bank. Some UnionBank users received the suspicious SMS as early as February 3, where clicking through the link brings them to a phishing site that fronts as a UnionBank login page. The URL went through two or three redirects, and Cyren adds that the said URL was hosted by more than one domain.
While Cyren Detection Technologies Senior Manager Magni Sigurðsson could not confirm how many accounts were affected, they speculate that those involved in the phishing scheme were most likely from the Philippines. “The fact that the attack is distributed via SMS text message can also make them more believable. We will see similar attacks, but the attackers will adjust or make changes to how they send out these attacks,” Sigurðsson said.
Given how sophisticated phishing schemes are these days, Cyvatar Vice President for Member Delivery Dave Cundiff suggests that one should never trust an SMS sale or deal. “If it looks like a good offering, I would go to the website of the bank or store independent of the SMS message and if there’s a deal it will usually be listed on the account page or on my store page after I login. That’s always the safest manner of verifying the validity of SMS messages,” Cundiff adds.
Prior to this, BDO was involved in a massive hacking incident where around 700 account holders lost as much as Php 100,000 in unauthorized transactions, where the money was transferred to multiple UnionBank accounts and was used to purchase Bitcoin.