BPI hacked? Phishing attack, fake BPI website spotted

Was the Bank of the Philippine Islands (BPI) hacked? A netizen has spotted and reported an online phishing attack on a fake BPI website.

Facebook user Smarkies Anthony Moreno, who lives in Mandaue City, tipped the Cebu Flash Report page about the illegal cyber activity. He encouraged others to share his post so that BPI clients can avoid the attack.

Another FB user commented that the BPI online login page was down in the early morning of Thursday, December 7.

According to an entry on Wikipedia: "Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication."

To support his discovery, Moreno provided a screenshot of the fake BPI website which shows that the user would be asked to input the Card Number, Card PIN and Card Expiration.


BPI's legitimate web portal only requires clients a User ID and Password to login. Also note that the real BPI website uses Hypertext Transfer Protocol Secure or "https" on its web address for secure communication over the financial entity's computer network.


Phishing scams, according to Webroot, "is a type of online scam where criminals send an email that appears to be from a legitimate company asking you to provide sensitive information. This is usually done by including a link that supposedly takes you to the company’s website where you are asked to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam."

The concerned netizen hopes that the phishing attack and fake BPI website would reach the bank personnel's knowledge. Share this post to help disseminate the information.