Online security advisory about phishing e-mails

Recently I was a victim of a phish e-mail. I got an electronic mail from UBP EON Services (UnionBank), where I have an EON cyber account. I though it was legitimate because the e-mail addresses me personally (my real full name). The screenshot from my mail indicates that I need to update my account credentials and profile for continuous online banking service without interruptions.

I clicked the link but I noticed it redirected me to a certain Megalink website. Firefox browser warned me that it is a phishing website to trick users.

I ignored the warning, seeing “Megalink” as the website (by the way Megalink is the common network for the banks in the Philippines) so I didn’t suspect any malice intent.

Then I was brought to the “EON Login” page, but this time there is an addition to the login — it needs you to enter your transaction password.

I instinctively entered my details, and I was redirected to UnionBank website (not the EON cyber account facility) — only to realize that indeed this is a real scam. I tried to click the link again — this time I didn’t enter any card number/password, and yet it still redirected me to the same UnionBank homepage. I quickly changed my transaction password, and changed my ATM PIN the very next day.

I reported the incident to UnionBank Facebook Page, and they replied

“Do not click on any links provided by an email message purportedly coming from UnionBank. Only transact on-line by logging in directly at If you would like to make a secure on-line transaction with UnionBank, your only option should be to go directly to our website at and click on the login links from there. Thank you!”

As of September 14, 2012, the malicious “EON Login” page at was taken down.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.