A new and bold phishing scam involving the Unionbank of the Philippines EON online banking service has just recently been discovered.
This Friday at 4:20AM I received a message from the "Unionbank of the Philippines," saying that I need to update my banking information for their commitment of reducing fraud on their website. I was half-convinced since they mentioned my full name on the message. Unfortunately, this is very ironic since the link given in the message gives you a phishing website.
Normally you'd feel safe clicking an "https" web address, but let's remember secure links also are usable by phishers. The following image is the phishing website itself. Observe the details.
Now, here's the GENUINE Unionbank of the Philippines EON web page.
The details of both photos will come as strikingly similar to an average person using the web, but we'll point out some key differences for safety's sake:
1. The genuine EON page only asks for your card number OR user ID and PIN. The fake EON page asks for all of your details, which are enough to withdraw amounts of money continuously without your permission. The details being asked can also be used with online transactions, since online merchants require your card expiry and card security code for confirmation purposes;
2. The submit button is aligned on the genuine EON page while its location is far off the fake EON page;
3. The genuine EON page carries a Norton-Verisign security seal. This means that the website is authentic, verified, and is safe;
4. The genuine web address of the Unionbank of the Philippines is "unionbankph.com" while the fake address has "unionbankph.com.ph" for its address.
Now, what will you do if you have already entered your details on this phishing website? Call Unionbank of the Philippines' customer service immediately. Do not wait. Tell them to immediately block your card and disallow any transactions. Not only would your money be safe, this method may also reveal the phisher's physical location. The bank's numbers are given below for your convenience.
Unionbank of the Philippines Telephone Number
84-186* or (02)841-8600
Domestic Toll Free
Universal Toll Free
This phising warning serves as a catch-all for all future phishing attempts. First, always make sure that the email you've received from your bank (or any other financial institution/person) is authentic. If it looks authentic, check if the outgoing links and the webpage itself are authentic. If it asks too many details such as card security codes or expiry, immediately report the web page through its domain host, your bank, or your local authorities.
Now, with regards to the phising attempt on Unionbank of the Philippines itself. It's either the bank's EON accounts database was hacked, or that it was an inside job.