BPI Online on Phishing

BPI Online on Phishing

Bank of Philippine Island issued a warning email alarming users of BPIExpressOnline (BPI’s online banking system) against Phishing / Phising.

Definitions of phishing on the Web:

  • In computing, phishing is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack. en.wikipedia.org/wiki/Phishing
  • is the act of tricking someone into giving them confidential information or tricking them into doing something that they normally wouldn’t do or shouldn’t do. For example: sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. www.michigan.gov/cybersecurity/

Below is the email dispatch sent to BPIExpressOnline users :

Phishing Scams on the Rise
Phishing e-mails are sent to trick you into revealing personal and financial information. Don’t be a victim.We suggest that you use this short checklist to protect yourself against phishing attacks.

1. Begin your session by manually typing the web address of BPI into your browser.
The official URL of BPI Express Online is http://www.bpiexpressonline.com

2. Avoid disclosing personal or account details via email or embedded link.
Be skeptical of unsolicited e-mails, especially those that concern personal / account information. Delete suspicious emails or email attachments without opening them, even if they seem to have originated from someone you know.

3. Notify the sending company if you receive a suspicious email.
Contact us directly through Express Phone 89-100 or email us at [email protected]

4. Check the security certificate of the web page.
Before entering personal or account information into a site, make sure it is secure.

In Internet Explorer, you can do this by checking the yellow lock on the status bar. A closed lock is an indication of an encrypted site. If you think you may have responded to a suspicious email, change your password for Express Online as soon as possible. To change your password, login to www.bpiexpressonline.com and go to Account Maintenance –> Change Password.

We wish to reiterate that BPI will never send you an e-mail asking for information on your username and password. The Bank’s websites are protected by a 128-bit SSL encryption and Verisign’s Security Certificate. We would also like to remind you of the following legitimate website addresses of the Bank:


“Ka Edong” story tells his first hand experience in his blog together with screen capture and personal tips.

Luckily, i have not been a victim of such activity for more than 7 years of my existence in the web – much thanks to “personal experience” on digital security and of course, collaboration with other IT Security Enthusiasts like Sir Ramsey. Also attending Security Summits is a big plus as it gives you a broader information in various security topics.