Security Alert: Phishing Email Targets MetrobankDirect Users
MetrobankDirect is the internet banking facility of Metropolitan Bank & Trust Company, a rather conservative but one of the largest bank in the Philippines. This facility has been in place for years now but Metrobank is not pushing the use of this facility aggresively (at least I think they don't). Well, despite the low-key presence of this internet banking facility, I got wind of news that there is a phishing email specifically targetting MetrobankDirect. The email goes like this:
Dear Metrobank Online Banking users:
We congratulate all our clients on the anniversary of our Bank!
We are glad to inform that in this connection you have received the chance to become the winner of our lottery.
It is a unique opportunity to win an automobile, a notebook, and more than hundred excellent prizes.
Join the draw game immediately!
For the participation in the lottery you should enter yours Customer ID and Password on the Online banking log-in pages.
After that you account will be added to the draw participants database and in the event of win you will receive notification in your ะต-mail.
Retail login: To register Participations
Corporate login: To register Participations
Thank you for your attention.
Metrobank Authority.
http://203.116.109.75:8081/default.asp/index.htm
http://202.235.202.207:8081/corporate.asp/index.htm http://202.235.202.207:8081/corporate.asp/index.htm
Now, I've tracked the IP addresses and the one targetting retail users have the server in Singapore while the two targetting corporate accounts are in Japan. I know for a fact that the MetrobankDirect servers are in Manila, Philippines.
Anyway, the bank officials are now alerted on this and hopefully they can do some damage control to prevent any potential fraud arising from this phishing scam.
If you are one of those who received this email, simply delete it because there is no such promotion and following the link in the email will only allow the hackers who made the phising website and email to "harvest" your MetrobankDirect user id and password. There are inherent safeguards in the MetrobankDirect site that will help protect your money because most transactions that requires transfer of money or bills payments require some sort of enrollment. If you mistakenly (and over-eagerly) went to the fake website to register, immediately change your passwords at the *real* MetrobankDirect website to protect your account and identity. How would you know if you are in the real MetrobankDirect website? Just make sure that the address on your browser actually say "http://www.metrobankdirect.com/" not just an IP address.
1 comment:
Post a Comment