Unionbank of the Philippines Phishing Scam



A new and bold phishing scam involving the Unionbank of the Philippines EON online banking service has just recently been discovered.

This Friday at 4:20AM I received a message from the "Unionbank of the Philippines," saying that I need to update my banking information for their commitment of reducing fraud on their website. I was half-convinced since they mentioned my full name on the message. Unfortunately, this is very ironic since the link given in the message gives you a phishing website.


Normally you'd feel safe clicking an "https" web address, but let's remember secure links also are usable by phishers. The following image is the phishing website itself. Observe the details.


Now, here's the GENUINE Unionbank of the Philippines EON web page.


The details of both photos will come as strikingly similar to an average person using the web, but we'll point out some key differences for safety's sake:

1. The genuine EON page only asks for your card number OR user ID and PIN. The fake EON page asks for all of your details, which are enough to withdraw amounts of money continuously without your permission. The details being asked can also be used with online transactions, since online merchants require your card expiry and card security code for confirmation purposes;

2. The submit button is aligned on the genuine EON page while its location is far off the fake EON page;

3. The genuine EON page carries a Norton-Verisign security seal. This means that the website is authentic, verified, and is safe;

4. The genuine web address of the Unionbank of the Philippines is "unionbankph.com" while the fake address has "unionbankph.com.ph" for its address.

Now, what will you do if you have already entered your details on this phishing website? Call Unionbank of the Philippines' customer service immediately. Do not wait. Tell them to immediately block your card and disallow any transactions. Not only would your money be safe, this method may also reveal the phisher's physical location. The bank's numbers are given below for your convenience.


Unionbank of the Philippines Telephone Number

Landline
84-186* or (02)841-8600
Domestic Toll Free
1-800-1888-2277*
Universal Toll Free
IAC+800-8277-2273
Trunkline
(02)667-6388

This phising warning serves as a catch-all for all future phishing attempts. First, always make sure that the email you've received from your bank (or any other financial institution/person) is authentic. If it looks authentic, check if the outgoing links and the webpage itself are authentic. If it asks too many details such as card security codes or expiry, immediately report the web page through its domain host, your bank, or your local authorities.

Now, with regards to the phising attempt on Unionbank of the Philippines itself. It's either the bank's EON accounts database was hacked, or that it was an inside job.


6 comments :

matagal tagal na to bro muntik na din ako na biktama yang scam na yan, pag nag login ka dyn mayayari ung pera mo

yes..ako din kanina lang naka-recieved ng ganito kaso sorry sila di iyan ang banko ko...kaya erase ko agad..;)

Got this email yesterday morning too! Though I wasn't able to open the email because my computer promptly warned me that it's a phishing email. I moused over the sender's email and saw that it's not an official EON email. Besides, my EON has been deactivated like 3 years ago. Hahaha

One of my main concern is, yung mga EON holders lang din ang nakakatanggap nito. That means those phishers got information as to who has EON accounts and their email address. There are two possibilities either it's an inside job (people from the inside who either sell their clients info or insiders themselves), second, Unionbank's data is vulnerable to hackers.
Either way, if you are not keen, you would easily get victimized by this. Unionbank has to strengthen their defenses and security features. Kahit yung password nila hindi enough. Considering na bank sila and real money is involve here. tsk tsk they should change the look of their website already, including the EON login page.

Thanks for posting this. I got the email as well and needed to confirm my suspicion. The weird thing is, I don't even have an EON account. I was just about to sign up for it last week via Unionbank's online form, but changed my mind before I could provide any info. So now I'm wondering how they got my email address.

i am trying to log on line on my EON acct. it keeps on repeating to enter a valid user name or card no. when in fact the number i am entering is my card number. I am on the secured unionbank site.

Post a Comment

Thanks for sharing your thoughts. Don't forget to share or like the post on Facebook, Twitter, and Google+.

For your privacy and anonymity, you have the option to anonymously comment. Regardless, comments are heavily monitored. Profane, vulgar, hateful, and spam content will immediately be removed.