BPI warns users against phishing emails
February 4, 2007
The Bank of the Philippine Islands (BPI) recently issued a warning to users of BPIExpressOnline, its online banking facility, against phishing emails. Phishing — pronounced “fishing” as in “fishing for information” — is a type of deception designed to steal one’s personal data such as credit card numbers, passwords, and account login information.
How to check whether an email is a phishing email or not and how to protect oneself from phishing is discussed in the What is Phishing? article.
An example of a BPI phishing email was posted by Ka Edong in his Technobiography blog.
Below is the email sent to BPIExpressOnline users warning against phishing emails.
Phishing Scams on the Rise
Phishing e-mails are sent to trick you into revealing personal and financial information. Don’t be a victim.
We suggest that you use this short checklist to protect yourself against phishing attacks.
1. Begin your session by manually typing the web address of BPI into your browser.
The official URL of BPI Express Online is www.bpiexpressonline.com.
2. Avoid disclosing personal or account details via email or embedded link.
Be skeptical of unsolicited e-mails, especially those that concern personal / account information.
Delete suspicious emails or email attachments without opening them, even if they seem to have originated from someone you know.
3. Notify the sending company if you receive a suspicious email.
Contact us directly through Express Phone 89-100 or email us at firstname.lastname@example.org.
4. Check the security certificate of the web page.
Before entering personal or account information into a site, make sure it is secure.
In Internet Explorer, you can do this by checking the yellow lock on the status bar. A closed lock is an indication of an encrypted site.
If you think you may have responded to a suspicious email, change your password for Express Online as soon as possible. To change your password, login to www.bpiexpressonline.com and go to Account Maintenance –> Change Password.
We wish to reiterate that BPI will never send you an e-mail asking for information on your username and password. The Bank’s websites are protected by a 128-bit SSL encryption and Verisign’s Security Certificate. We would also like to remind you of the following legitimate website addresses of the Bank:
Protect yourself from phishing by using the browser Firefox and installing protective softwares such as Roboform (download links in the right). Other ways of protection are discussed in the Technology and the Internet folder of the PMT Forum.
Click for more interesting, useful and related posts:
- bpi ssl phishing