The Bank of the Philippine Islands (BPI) has issued a warning over a fake log-in site for its online banking service, as it reminded their clients to be vigilant against fraud.
According to BPI, the fake site copied the whole layout of the BPI Express Online log-in page, but uses a different address, http://www.bpiexpressonlineph.com. The correct BPI address is https://www.bpiexpressonline.com. Nevertheless, the fake site has since been taken down.
Everyone involved in the security of an account or personal information should be perceptively wary and vigilant. A lapse in caution compromises all involved. Ramon Jocson, Executive Vice President & Head of Enterprise Services
Listed below are some tips to avoid fake sites according to BPI.
CHECK E-MAIL ADDRESS, DOMAIN NAME
Hover your mouse pointer over the link and copy of the URL. The hyperlinked URL will be shown in the status bar at the bottom of your email. If it does not match the URL you intend to visit, it is most likely a fake website.
CHECK SITE SECURITY
A secure website begins with https: and has a lock icon on the page, which means that it uses an SSL protocol.
BE WARY OF EMBEDDED FORMS
Forms that ask for passwords of personal email accounts are usually fake. The bank never asks for personal information using embedded email links. The lender also advised clients on keeping their accounts safe, including changing PINs regularly, using anti-virus software, clearing cached memory after logging out of banking sites and avoiding shared computers when transacting online.
Source: ABS-CBN News
Why not update login security like OTP, 2FA or even email verification. Lame securities (login and password) are to obsolete and easy to crackdown.