Threat actors targeting Union Bank of Philippines users

Security researchers at Shreshta have identified a phishing campaign targeting Indian citizens. Threat actors targeting Union Bank of Philippines users with a phishing campaign

Executive Summary

The Union Bank of the Philippines, Inc., more commonly known as UnionBank, is one of the universal banks in the Philippines and the ninth-largest bank in the country by assets.¹

Phishing website unionbank[-]verify.co[.]in/login[.]php impersonating Union Bank of Philippines

Image – screenshot of phishing website online[.]unionbankph[.]com

Threat indicators

The Domain name unionbank[-]verify.co[.]in was registered by Key-Systems GmbH
The domain name unionbank[-]verify.co[.]in registration date – 26-02-2023
The website contains hyperlinks that lead the user to the official website online[.]unionbankph[.]com of Union Bank Philippines
The login page accepts any given credentials
No error prompts occur during the login process
The links for “Forgot my User ID or Password” and “Unblock my profile” redirect to the official website pages

The phishing website collects any login details and prompts for the user’s registered phone number

Image – screenshot of phishing website unionbank[-]verify.co[.]in/mobilenumber[.]php

- The phishing website requests the user to provide their registered mobile number

- The website accepts any phone number without indicating any invalid prompts

The phishing website takes an incorrect phone number and requests a 6-digit code

Image – screenshot of phishing website unionbank[-]verify.co[.]in/otp1[.]php

The Phishing website shows an error on a falsely penetrated One-Time Pin

Image – screenshot of the error

Motive

The motive of the threat actors for creating the phishing website targeting the users of Union Bank Philippines is to harvest the Personally Identifiable Information (PII) of the user.

To get our latest blog posts in your Inbox, subscribe below.

Pranay Patil

Website | + posts