A recent phishing campaign involving BDO is particularly interesting because the culprits used a government-hosted website to spread the malicious email. The website of the province of Bulacan was first compromised to host the landing page of this phishing incident.
Facebook user Crystel VT first posted screenshots of the BDO phishing mail on her timeline. At first glance, it may look exactly like its legitimate counterpart, but closer inspection reveals many red flags. The good thing is, Crystel isn’t gullible enough to believe this.
In her post, Crystel wondered how these people managed to get hold of her email address. While the question is valid, the more pressing question is: how did these hackers compromise Bulacan’s official website?
The thing is, most of our government websites aren’t really secure to begin with. While the government’s efforts to raise cybersecurity awareness are a good initial step, we still have a long way to go to establish a good reputation for our government-managed websites.
Bulacan’s website has been repeatedly targeted because of the poor security in place. Remember the April Lulz event of Pinoy LulzSec? Bulacan’s website was compromised there for two straight years, 2018 and 2019.
Tzar Umang, another concerned netizen, shared his dismay over the incident. He urged the Department of Information and Communications Technology (DICT) “to take a look at the security of different gov.ph sites” for vulnerabilities.
In a private conversation, Crystel said that she already reported this to BDO. The phishing URL has since been taken down.