There Are Two New Fake BPI Email Phishing Scams, So Here’s What to Look For

 

…..should you get one in your email, that is.

 

It seems that 2016 isn’t over for the Bank of the Philippine Islands (BPI) yet, figuratively speaking. After a disastrous information update campaign last year (remember the needless panic you felt over updating your customer file in time?), a scam targeting clients of the Philippines’ oldest bank has recently emerged.

 

So, if you bank with BPI and use their credit cards, listen up.

 

There have been two fraudulent emails going around as of late, both with the intent of duping you into giving up your credit card details through online verification. Sometimes, they land in your spam folder (which is already sketchy in and of itself), but I know a few who’ve found these in their inbox.

 

Now, how can you tell if the email is legit or not? From my experience, here are the telltale signs of a fraudulent email:

 

1. Sketchy email address.

 

sketchy email address There Are Two New Fake BPI Email Phishing Scams, So Heres What to Look For

 

Scam emails might have logos and letterheads to make them look more official, but you’ll know something’s up if you use your cursor to hover over their email address.

 

BPI’s official email address is expressonline@bpi.com.ph. Emails claiming from BPI but originating from any other address (e.g., expressonline@root.com, etc.) can and should thus be considered fake.

 

2. Inconsistent formatting.

 

Sometimes, scammers can clone email addresses, but they trip up when it comes to the actual email structure.

 

Remember when your college professor required you to use a standard font and text size for reports? No, they weren’t just doing that to make things hard for you; consistent formatting is important for establishing credibility (not to mention readability), which is why official correspondence makes use of it too.

 

So, if you get an email from BPI that starts off with Arial 10 and then somehow morphs into Calibri 14 (or worse, Comic Sans. Eww.) and then back to Arial 10, it’s probably a scam.

 

3. Terrible grammar usage.

 

Again, there’s a reason why your professors insisted on teaching you proper grammar rules. If you want to be taken seriously, you have to convey your message in the right manner, and that includes formulating your sentences correctly.

 

This is my personal standby when it comes to checking the validity of “official” emails; I knew I received a fake letter when it was riddled with incomplete sentences, improper capitalization, and horrible spelling (Bank of the Philippines Islands, really??).

 

(Also, I now call BS on people who think it never pays off to be a Grammar Nazi.)

 

4. Links that lead to a website (with a questionable URL) asking for your credit card details.

Links that lead to a website asking for your credit card details There Are Two New Fake BPI Email Phishing Scams, So Heres What to Look For

There’s a screenshot of the website that opens up when you click the link on the email, and at first, it looks official, what with the logos and color schemes used in the interface.

 

If you take a closer look, you’ll see that there are fields asking for your USER ID and email passwords, along with your credit card information. As a rule, banks will never send you emails to verify your credit card usage. I repeat, IF THERE HAS BEEN SUSPICIOUS ACTIVITY ON YOUR CREDIT CARD, THE BANK WILL CALL YOU TO VERIFY. THEY WILL NOT SHOOT YOU AN EMAIL.

 

Lastly, check the URL. BPI’s official URL address is secure1.bpiexpressonline.com. If the address on the website is vastly different or even dubious (e.g., secure01.bpiexpressonline.mascaratude.com), close that window immediately.

 

5. A question mark appearing beside the email address.

question mark on email address There Are Two New Fake BPI Email Phishing Scams, So Heres What to Look For

If you’re using gmail, logos can sometimes appear beside the email address on your correspondence.

 

If a question mark rather than BPI’s official logo appears beside the email address on the email, that means it’s coming from an unverified source (i.e., it’s probably a fraud).

 

Lastly, if you really want to play it safe, call up your bank to verify whatever is written on the email. That way, you’ll also alert them to any potential scams and thus help prevent other customers from falling prey to them.

Serena Estrella

Serena joined iRemit back in 2016, and has tormented its Marketing Head constantly ever since. To get through the rigors of writing about grave concerns like exchange rates, citizenship requirements, and PH-AU news, she likes to blast Mozart, Vivaldi, ONE OK ROCK, and Shigeru Umebayashi in the background. She does a mean Merida voice in her spare time too.

Comments
SHOW 0 COMMENTS

Leave A Comment

Your email address will not be published. Required fields are marked *