Union Bank of the Philippines, Inc. (UBP), more commonly known as UnionBank, issued an advisory to its clients about the phishing scheme being spread through text messages, stating that it will never ask its clients to click on a link asking for private information.
“Watch out for this Phishing message. DO NOT CLICK ON LINKS and NEVER PROVIDE your personal information such as your password or OTP to anyone,” the advisory read.
The bank’s clients reported last weekend that they received text messages that said: “Good day! Your UnionBank account has been flagged for fraudulent transaction. Your account will be disabled in 24 hours.”
The message also directed users to verify their accounts through a TinyURL link. TinyURL is a service used to shorten links.
However, TinyURL emphasized that it did not send the spam message and that it does not operate any email lists.
“If you received spam, please note that TinyURL did not send this spam. We cannot remove you from spammer’s database as we have no association with spammers, but instead we recommend you use spam filtering software,” TinyURL said.
On the other hand, some clients also reported that there are text messages with the same phishing content sent by the UnionBank’s official phone number.
“Hey Union Bank of the Philippines I just got a text message too from your official phone number, telling me my account has a fraudulent transaction and I need to click on a link so my account won’t be locked. Does this mean you have been hacked too like BDO? The reason why I moved to you guys was because of what happened to BDO last December. Are our accounts still protected with you guys?” a client commented on its Facebook page.
UBP immediately confirmed it as an SMS Phishing scam and advised its clients to delete these messages immediately.
“Thank you very much for alerting us about this. It is a modus called SMS spoofing, where the fraudsters use a special tool to mask/change the sender’s name, making it look like the SMS comes from legit institutions like banks. Please do not engage with the message and don’t click on the link. Our investigation team is working on the necessary actions,” it replied.
Meanwhile, other clients called for the bank’s liability, as the SMS came from its official number.
“The sms made people believe it was officially from your end as all previous transactions can be backread from the same official number/user. Can you also make a statement what you will do about it? People lost their hard earned money. So these must be traced and get us back what is due,” another comment read.
However, UnionBank insisted that it is compliant with the Bangko Sentral ng Pilipinas’ (BSP’s) memorandum in removing all clickable links in all emails or SMS.
“Rest assured that our Cybersecurity unit has taken the necessary actions on the fake/site link and activities are still being monitored. Thank you for your vigilance,” the bank assured.
Last month, Senator Grace Poe implied that the BSP should publicize the penalty sanctioned to BDO and UnionBank regarding the unauthorized bank transfers during the December 2021 cybersecurity breach which victimized 700 BDO clients.
Earlier this year, UBC revealed its plan to offer cryptocurrency trading and custodial services, followed by its partnership with the nonprofit organization, Center for Art, New Ventures and Sustainable Development (Canvas.ph) that aims to help artists and collectors navigate the growing non-fungible token (NFT) space.
This article is published on BitPinas: UnionBank Warns Clients Against Phishing Scam Text Messages
Disclaimer: BitPinas articles and its external content are not financial advice. The team serves to deliver independent, unbiased news to provide information for Philippine-crypto and beyond.