A Cebu-based jobs site has been found hosting Bpi Phishing pages – one for the mail campaign sent last March 30th and the other that was just sent yesterday. Administrators of the site CebuJobs.ph had taken down the first page but the culprits behind this variant of BPI phishing attacks managed to use the same exploit to redirect a page from that domain to another phishing page. This technique was likely used to bypass web filtering tools that block known domains that host malicious sites.

We have yet to communicate with Cebu Jobs about their compromised site but we’ll definitely get their side on this matter. They may be operating fine but the continuous use of their site to malicious activities may put their business in jeopardy.

The consistent attack against the Ayala-led bank may have something to do with their current EMV drive. BPI has been contacting their clients to replace their existing cards with EMV. Though not yet rolled out across all their branches, the bank has been scheduling this activity branch by branch.

Due to slow EMV implementation, the cybercriminals may be leveraging on this to contact the clients of the bank by asking them to update their personal information online. BPI may need to educate their customers about this on-going attack as it could damage their reputation as one of the leading financial institutions in the country.