Phishing Simulation Test

The post Phishing Email Analysis Landing Page appeared first on Blogger Engineer.

With the theme “Securing Consumer Trust and Fortifying Cyber-Resilience in an AI World,” the conference, which will be held on July 31 at Fairmont Makati, seeks to highlight the importance of a multi-stakeholder approach to fostering cyber-resilience and pushing for support toward policies that promote consumer protection and cybersecurity. According to the Philippine National Police, cybercrime cases increased to 21,300 in 2023 from 13,890 in 2022.

“We are fully aware that cyberthreats are getting more sophisticated these days. It is therefore critical to be two steps ahead to address cyber scams and increase awareness of Filipinos about these illicit online activities. With the challenges at hand, we encourage interested individuals to attend the conference so they can learn about relevant plans, policies, and initiatives on cybersecurity and consumer protection in the time of artificial intelligence,” said TG Limcaoco, BPI President and CEO.

Through this conference, BPI also aims to bring together cybersecurity subject matter experts from the National Privacy Commission (NPC), the House of Representatives (HOR), Department of Information and Communications Technology (DICT), Cybercrime Investigation and Coordinating Center (CICC), the Securities and Exchange Commission, the Department of Trade and Industry (DTI), the Armed Forces of the Philippines (AFP), the Asian Institute of Management (AIM), and the USAID Better Access and Connectivity (BEACON) project.

Speakers include government officials, such as Privacy Commissioner John Henry Naga, NPC; Chairperson of the House of Representatives Banks and Financial Intermediaries Committee, Rep. Irwin Tieng; Undersecretary Alexander Ramos, CICC Executive Director; Undersecretary Amanda Marie Nograles, DTI Consumer Affairs and Legal Services Group; Asst. Secretary Renato Paraiso, DICT Legal Affairs; Atty. Glory
Grace Arugay, SEC; and Col. Francel Margareth Padilla-Taborlupa, AFP Spokesperson. From the private sector and the academia, speakers include Prof. Philip Kwa, AIM Clinical Professor and Academic Program Director for Master in Cybersecurity and Engr. Pierre Tito Galla, USAID BEACON Cybersecurity Lead. The panel discussions will be moderated by Atty. Richard Leo Baldueza, House of Representatives Banks and Financial Intermediaries Committee Secretary; Mary Grace Mirandilla-Santos, Secure Connections ICT Policy Analyst; and Dr. William Emmanuel Yu, Secure Connections Network Security Expert.

The conference forms part of BPI’s call for financial consumers to be more vigilant against cyber-related crimes by meticulously adopting cyber hygiene, which refers to one’s practice of maintaining secure and resilient data and devices.

This is also another step in the Bank’s journey to build confidence in digital systems. BPI annually invests significant resources for IT and cybersecurity systems and building best-in-class digital platforms. In 2023, the bank launched a new mobile app that utilized AI to provide bank clients with tracking and insights.

Early this year, BPI introduced new security enhancements to its mobile banking app featuring three new security controls that users can easily activate. These include a device binding control, functioning as a digital lock, which restricts access to authorized mobile numbers and devices.

“All these are aligned with our Customer Obsession thrust that aims to put our clients’ needs and financial well-being front and center, while encouraging Filipinos to do their part in securing their data and accounts. Cybersecurity is a shared responsibility, and we hope everyone joins us in this movement,” Limcaoco added.

Interested participants can register for the BPI Cybersecurity and Consumer Protection Conference 2024 through this link.

Registration is free, but seats are limited. Snacks and meals will be provided to participants.

The post BPI to hold Cybersecurity Conference to ‘Fortify Cyber-Resilience in an AI World’ appeared first on Blogger Engineer.

Just this month alone, the spoofed Globe sender ID has been reportedly used to send phishing links through SMS – the first one was on May 17th while the most recent one was just today, May 26th. While both appears to have similar content, the links are different – the first one used the domain globecomph[.]quest while the second used globe-co-mph[.]top. Both domains are obvious variations of Globe’s official domain and are not related to globe[.]com[.]ph.

What makes this specific smishing campaign tricky is that it used the sender ID of “Globe” to send out the malicious messages. Traditional smishing attacks are using random numbers or sender IDs which can be easily blocked in anyone’s phones (depending on the phone’s features though). Some people are speculating that Globe’s sender ID may have been compromised.

Globe earlier this year released an advisory against these phishing attacks. According to the telco giant, the culprits behind this are taking advantage of their Globe Rewards expiration advisory. Globe is also encouraging those who have received the malicious text messages to report them to their #StopSPAM portal.

The post New Smishing Campaign makes use of Globe SMS Sender ID appeared first on Blogger Engineer.

With the intent to provide a centralized digital platform for all government transactions, the ‘eGov PH’ app promises to deliver government services at the click of a button. Tagged as a super app, it consolidates different services offered both by the national government and the local government units (LGUs).

On its initial release, ‘eGov PH’ has already managed to include the following features through the app: eJobs, eTravel, Start-Up, Health, Agriculture, SIM Card Registration, Report (People’s Feedback Mechanism), the integration of the websites of different LGUs across the Philippines, and the services of the following national government services:

• ARTA (Anti Red-Tape Authority)
• BTr (Bureau of the Treasury)
• CHED (Commission on Higher Education Services)
• CIC (Credit Information Corporation)
• CWC (Council for the Welfare of Children)
• DFA (Department of Foreign Affairs)
• DILG (Department of Interior and Local Government)
• DOT (Department of Tourism)
• DOTr (Department of Transportation)
• DPWH (Department of Public Works and Highways)
• DTI (Department of Trade and Industry)
• GSIS (Government Service Insurance System)
• Landbank of the Philippines
• LTO (Land Transportation Office)
• MARINA (Maritime Industry Authority)
• MINDA (Mindanao Development Authority)
• NBI (National Bureau of Investigation)
• NCSC (National Commission for Senior Citizens)
• PAG-IBIG (Home Development Mutual Fund)
• PCW (Philippine Commission on Women)
• PEZA (Philippine Economic Zone Authority)
• PhilHealth (Philippine Health Insurance Corporation)
• PNP (Philippine National Police)
• SSS (Social Security System)

There’s a module for Overseas Filipino Workers (OFW) in the app but it seemed like it’s currently parked and due for a separate release.

Developed by the Department of Information and Communications Technology (DICT), ‘eGov PH’ super app aims to redefine our government with digital transformation. The app is a testament that the Philippines is working to make Filipinos’ lives easier by providing convenient ways to do government transactions.

The app is far from perfect but the innovation that ‘eGov PH’ is trying to show gives the country hope that the lingering issues surrounding government services will soon be addressed by these technology-driven initiatives.

The app is now available for download on Android and iOS devices for free!

The post PH releases first Super App ‘eGov PH’ appeared first on Blogger Engineer.

Being in a car accident is a scary thing. It is a risk that you take every time you get into a vehicle, but it is frightening beyond words when it actually happens. If you have been involved in an accident, the first thing to prioritize is your health and safety. After that, you can focus on getting the car repairs and auto glass replacement services that you need to be bale to use your car again. Then, you can visit Bengal Law website to hire attorneys.

Before we dive in to this there are some terms you need to know, for example, What is a write-off?

It’s a term commonly used when the insurance industry determines your vehicle to be a total loss. In other words, the cost to repair your vehicle after a collision is more than its value after subtracting the recycle or salvage value. In such cases, you can only make some money with an scrap car for cash service as mentioned before.

Ask How Long Repairs Will Take

When you find a shop for collision repair Lakewood CO, one of the first things that you should ask is how long repairs will take. While the time your car will be in the shop is just an estimation, you need to know what type of arrangements you should make for an alternate form of transportation.

Discuss Insurance Coordination

Many body shops are willing to work with your insurance company to make sure that you get ample coverage for your repairs. Most of the time, the auto repair shop will send an estimate to your insurance company, and the insurance company may pay them directly. Keep in mind that you will need to pay your insurance deductible before any repairs are made so that your policy will cover the rest, also if your insurance doesn’t cover. Make sure to get the most benefits with the insurances available at https://www.bestcarinsurancewsa.com.

When pouting a claim to get insurance or the responsible party to pay for damages and any medical bill you may need to put on a legal claim, Truck accident claims and lawsuits are multi-layered processes that involve. Hence, it is best to get the help of car accident lawyers from Brasure Law Firm for such legal matters. Gathering evidence to prove negligence and identify a liable party for your accident or injuries. Investigating your accident to determine how it was caused. Filing an injury demand letter when working towards a settlement with the defendant. To learn more about this topic, check this article named Why is a Truck Accident Lawyer Necessary After an Accident in New Haven?

Read Client Reviews

If you require windshield services but do not know of a reputable auto glass company, consider looking at online reviews. While you have to take some peoples’ opinions with a grain of salt, this can give you a good overview of the consensus about the place. Look at reviews across multiple platforms so you can get the most accurate information. You can also find cheap insurance for Toyota Corolla at sites like ZeCoverage.com.

When your car needs repairs, you are likely ready to get the ball rolling. Consider these three tips for getting your car in the shop as quickly as possible so that you can be back on the road safely.

The post Finding the Best Place for Repairs After a Car Accident appeared first on Blogger Engineer.

Two of ABS-CBN’s YouTube channels were reportedly compromised earlier today, November 3, 2020. ABS-CBN News and ANC 24/7, both actively airing news updates and have a huge number of subscribers – more than 10 million and 300,000 respectively, were taken over by some unknown hackers.

The two Kapamilya YouTube channels streamed a cryptocurrency video allegedly from Ripple falling out of love with your job. Those who are familiar with the live-streamed video would know that it’s not from the crypto giant proof of income. A simple google search would lead you to a number of reports associated to YouTube crypto scams that leverage on online video channels with high engagement and followers.

Netizen Jeffrey Paaño Lumabi shared screenshots of the Ripple crypto scams that were aired on both ABS-CBN News and ANC 24/7 channels before they both went offline.

ABS-CBN immediately coordinated the security incident to YouTube who took down the accounts leaving hundreds of netizens confused with what really happened to the online news channels. There were initial speculations that YouTube terminated them due to certain violations of their terms of service. Others were even linking the incident to some political parties.

Cyber Security Philippines – CERT released an advisory saying that ABS-CBN’s YouTube account has been compromised linking it with other similar incidents wherein “Youtube accounts [are] being taken over, content wiped and most often used to distribute malicious and pornographic media, at worst, the attackers extorted money from the social media owners.”

Information security researcher and vlogger Japz Divino detailed on his latest vlog what might’ve happened behind the ABS-CBN compromised accounts. Reacting to his fellow vlogger who also got hacked by YouTube crypto scammers, the ethical hacker made use of the video as a sample scenario that possibly happened to any of the administrators of ABS-CBN News and ANC 24/7 YouTube channels.

ABS-CBN already released an official statement after their two accounts have been restored at around 4PM. The company confirmed that a security incident happened which took over their YouTube channels.

They, the Private investigators they hired, added that the investigation is still on-going and that they have implemented security measures to prevent this from happening again.

According to a separate report from Philippine Star, a YouTube spokesperson also confirmed the hacking incident on ABS-CBN’s two channels.

This security incident just shows how important it is to secure all our online accounts even if they’re not as risky as our financial accounts. Who would’ve thought that even YouTube channels are now being targeted to scam people, right?

Now that vlogging has become one of the most popular hobbies by both celebrities and non-celebrities alike, their owners should put an extra layer of security to ensure that their platform won’t be the next to air a YouTube crypto scam.

The post ABS-CBN YouTube channels hacked by crypto scammers appeared first on Blogger Engineer.

Fans of cosplayer and vlogger Alodia Gosiengfiao got targeted in a recent phishing scheme that harvests Facebook credentials. The hacker behind this attack got an idea after followers of Gosiengfiao started sharing their email addresses on her official Facebook Page.

Alodia initially announced on her Facebook Page a public invitation to join the online game Among Us. Her fans freely shared their email addresses on the post which also attracted hackers seeing the pool of accounts that they can phish.

Later that day, Alodia received a number of reports saying they can’t access the link sent to their email accounts. Upon further checking, the hackers are already in the move as they have sent out emails containing a malicious link.

In one of the screenshots shared by her follower, it showed the list of email addresses who received the phishing mail. It came from the Gmail account alodia[.]amongusgame[@]gmail[.]com to which Alodia denied sending. According to the social media star, her official email is alodia[@]gmail[.]com.

The Among Us phishing email asks recipients to join a Facebook Group via an embedded link. This embedded link actually redirects to a Facebook phishing page under this URL: hxxp://amongusgroupchat[.]byethost4[.]com/?id=facebook

Those who have successfully accessed the landing page specially via mobile may not have noticed the URL and have just willingly logged in using their Facebook credentials. Doing this only put their Facebook accounts in danger as the hackers behind this scheme just received their credentials on the backend.

Alodia already apologized to her followers and shared screenshots of the malicious email. Her fans, on the other hand, suggested options where she can securely gather information for any future invitations.

For those who have received the email, clicked the phishing link, and logged in with their Facebook credentials, we strongly suggest to update your passwords and enable 2FA.

As of this writing, Google already blocks the phishing URL.

The post Hackers target Alodia’s fans via Facebook phishing appeared first on Blogger Engineer.

New variants of text-based phishing messages aka smishing have been seen recently online with quite a number of netizens posting screenshots of what they’ve received supposedly from BDO.

Earlier this week, BDO released an advisory on their official Facebook page warning their account holders of the increasing reports that they’ve been getting.

Did you receive this scam text? Scammers send out messages like this to thousands of mobile numbers, even to non-BDO customers. Alert your family and friends who may have also received the text.

Be smarter than a scammer. Do not click on this link that asks you to verify suspicious account activity.

Remember: We will never send you links to verify your account or to collect customer information. #BDOAntiScam

BDO Official Facebook Page

These smishing campaigns are not only being sent out via SMS. There were Facebook accounts (allegedly compromised) that were being used to spread the same messages via Messenger.

BDO has been the subject of online bashing for the poor service of their mobile app. This is most likely the reason why the scammers behind this recent surge of smishing targetted the bank.

It is worth noting as well that the people behind this scam is also the same ones targeting UnionBank customers. One netizen shared a screenshot of an SMS he received last month supposedly from UnionBank. The same sender also sent a message with BDO phishing link this week.

Another variant of this smishing campaign makes use of a BDO-related URL but eventually redirects to a BPI phishing site.

We reviewed the domains associated in these variants and they’re all related to the same IP address that we reported last month.

Below are the new malicious banking domains associated with the IP 163[.]44[.]136[.]225:

The post BDO smishing continues appeared first on Blogger Engineer.

A new active smishing campaign is targeting clients of Banco De Oro (BDO). The most recent report that we have received was just last night with almost the same content as those of the previous variants released this year.

Just this April, UnionBank clients were hit by the SMS-based phishing attack prompting the Aboitiz-led bank to release an advisory. Another wave of this attack was seen towards the end of August.

Ayala’s Bank of the Philippine Islands (BPI) was also not spared as cybercriminals sent out SMS with a malicious link when the pandemic-induced lockdown started in Metro Manila.

The culprits are now eyeing BDO. This turn may not be surprising given that the bank is one of the largest in the Philippines.

This recent surge of smishing attacks is obviously attributed to the increasing number of Filipinos relying on digital banking this pandemic. BPI, for instance, reported an increase to 90 percent of digital transactions versus 72 percent prior to the pandemic.

It seemed like the rise of smishing-related threats will continue. To note, when we were checking the BDO smishing sample, we found newly created domains that may have been bought for similar campaigns. Majority of these domains were malicious variants of UBP and BDO.

The following are the malicious banking domains associated with the IP 163[.]44[.]136[.]225:

The IP and domains were already reported to security vendors for blocking. We will also notify the involved banks regarding these findings for the active domains.

Credits: BDO FB Page (for the main photo) and Mr. James Chris Uy (for the BDO smishing copy)

The post Rise of smishing attacks vs PH banks appeared first on Blogger Engineer.

While GMA-7’s daily variety game show ‘Wowowin’ continues to win more viewers since they launch the ‘Tutok to Win’ segment during the community quarantine season, the TV program also attracted a lot of scammers that leverage on how they pick their daily winners.

Willie Revillame, the TV show’s host, randomly calls viewers from those who have commented on their social media accounts. Televiewers are posting their full names, addresses and mobile numbers in hopes that they will be called on-air.

While the intention of the show is to provide entertainment and assistance to those in need specially now that a lot are affected by the COVID-19 pandemic, ‘Wowowin’ is unfortunately driving their loyal followers to scammers and fraudsters who could be using their personal information for purposes beyond the program’s intent.

Multiple fake Facebook accounts, pages and groups were created to mimic Mr. Revillame and his show ‘Wowowin’.

While it’s easy to determine which one is legit as the show’s official account is verified, there are still some users who fell victim to these cloned social media accounts.

The fake Facebook accounts lure hopefuls to click on shortened URLs that would redirect to blog sites that also make use of Mr. Revillame’s images and his show’s logos. Multiple links are embedded on these blogs that when clicked would lead to more scam and phishing sites.

Some of the shortened URLs involved in this scheme are:

• hxxps://bit.ly/sa-wowowin
• hxxps://bit.ly/list-name-wowowin
• hxxps://bit.ly/37cXTkz

Here are some of the blog sites created as landing page:

• hxxps://enjoyforyourgifts[.]blogspot[.]com
• hxxps://getmoneynowhere[.]blogspot[.]com

Fake Willie Revillame Facebook Accounts which also serve as admins of the fake FB Group:

• https://www.facebook.com/admfitri.gagaltenar.14
• https://www.facebook.com/adamchebongk.adamchebongk

Unverified Wowowin Facebook Group: https://www.facebook.com/groups/760859501387070

The Facebook Group involved has a whopping 110,000 members as of today even when it was just created last May 29, 2020. In two week’s time, they managed to acquire these much of Facebook users all because they were able to ride on the popularity of ‘Wowowin’.

We have reported the involved dummy Facebook accounts to ‘Wowowin’ hoping that they’ll also do something against these fraudsters.

The post More scammers target ‘Wowowin’ hopefuls in FB appeared first on Blogger Engineer.