Online security advisory about phishing e-mails

Recently I was a victim of a phish e-mail. I got an electronic mail from UBP EON Services (UnionBank), where I have an EON cyber account. I though it was legitimate because the e-mail addresses me personally (my real full name). The screenshot from my mail indicates that I need to update my account credentials and profile for continuous online banking service without interruptions.

I clicked the link but I noticed it redirected me to a certain Megalink website. Firefox browser warned me that it is a phishing website to trick users.

I ignored the warning, seeing “Megalink” as the website (by the way Megalink is the common network for the banks in the Philippines) so I didn’t suspect any malice intent.

Then I was brought to the “EON Login” page, but this time there is an addition to the login — it needs you to enter your transaction password.

I instinctively entered my details, and I was redirected to UnionBank website (not the EON cyber account facility) — only to realize that indeed this is a real scam. I tried to click the link again — this time I didn’t enter any card number/password, and yet it still redirected me to the same UnionBank homepage. I quickly changed my transaction password, and changed my ATM PIN the very next day.

I reported the incident to UnionBank Facebook Page, and they replied

“Do not click on any links provided by an email message purportedly coming from UnionBank. Only transact on-line by logging in directly at http://www.unionbankph.com/ If you would like to make a secure on-line transaction with UnionBank, your only option should be to go directly to our website at http://www.unionbankph.com/ and click on the login links from there. Thank you!”

As of September 14, 2012, the malicious “EON Login” page at megalink.com.ph was taken down.

Leave a Reply

Your email address will not be published. Required fields are marked *