Phishing targeting bank of Philippines

Threat actors targeting Union Bank of Philippines users

Security researchers at Shreshta have identified a phishing campaign targeting Indian citizens. Threat actors are targeting Union Bank of Philippines users with a phishing campaign.

Executive Summary

The Union Bank of the Philippines, Inc., more commonly known as UnionBank, is one of the universal banks in the Philippines and the ninth-largest bank in the country by assets.[1]


Phishing website unionbank[-][.]in/login[.]php impersonating Union Bank of Philippines


Image – screenshot of phishing website online[.]unionbankph[.]com

Threat indicators

    • The domain name unionbank[-][.]in was registered by Key-Systems GmbH
    • The domain name unionbank[-][.]in registration date – 26-02-2023
    • The website contains hyperlinks that lead the user to the official website online[.]unionbankph[.]com of Union Bank Philippines
    • The login page accepts any given credentials
    • No error prompts occur during the login process
    • The links for “Forgot my User ID or Password” and “Unblock my profile” redirect to the official website pages
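The indicators above combine into a simple triage heuristic: a page on a non-official host that serves a password form while its help links point at the official site. The sketch below is an added example, not part of the original write-up or Shreshta's tooling; the host `phish.example`, the link paths and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

OFFICIAL_HOSTS = {"online.unionbankph.com"}  # official site named in the write-up

class _PageScan(HTMLParser):
    """Collects link targets, form actions and whether a password field exists."""
    def __init__(self):
        super().__init__()
        self.links, self.forms, self.has_password = [], [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.forms.append(a.get("action") or "")  # empty action posts to the page itself
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def _host(base_url, ref):
    """Resolve a possibly relative reference and return its lowercase hostname."""
    return (urlparse(urljoin(base_url, ref)).hostname or "").lower()

def assess(page_url, html):
    """Return (verdict, reasons) for the HTML of a fetched login page."""
    if _host(page_url, "") in OFFICIAL_HOSTS:
        return "official", []
    scan = _PageScan()
    scan.feed(html)
    reasons = []
    form_hosts = {_host(page_url, f) for f in scan.forms} - OFFICIAL_HOSTS
    if scan.has_password and form_hosts:
        reasons.append("password form submits to: " + ", ".join(sorted(form_hosts)))
    brand_links = [l for l in scan.links if _host(page_url, l) in OFFICIAL_HOSTS]
    if brand_links:
        reasons.append(f"{len(brand_links)} link(s) point at the official site")
    # Both signals together match the pattern described in the indicators.
    return ("suspicious" if len(reasons) == 2 else "unknown"), reasons

# Constructed sample modelled on the indicators listed above.
SAMPLE = """
<form action="login.php" method="post">
  <input type="text" name="user"><input type="password" name="pass">
</form>
<a href="https://online.unionbankph.com/forgot">Forgot my User ID or Password</a>
<a href="https://online.unionbankph.com/unblock">Unblock my profile</a>
"""

if __name__ == "__main__":
    print(assess("https://phish.example/login.php", SAMPLE))
```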

The phishing website collects any login details and prompts for the user’s registered phone number

Image – screenshot of phishing website unionbank[-][.]in/mobilenumber[.]php

    • The phishing website requests the user to provide their registered mobile number
    • The website accepts any phone number without showing any validation error

The phishing website takes an incorrect phone number and requests a 6-digit code

Image – screenshot of phishing website unionbank[-][.]in/otp1[.]php

The phishing website shows an error when an incorrect One-Time PIN is entered

Image – screenshot of the error

The motive of the threat actors for creating the phishing website targeting the users of Union Bank Philippines is to harvest the Personally Identifiable Information (PII) of the user.

