The chief of the National Bureau of Investigation Cybercrime Division yesterday said the h “Mark Nagoyo” hacking incident that involved BDO Unibank Inc.. and Union Bank of the Philippines is not likely to be an inside job but a phishing scheme perpetrated by local hackers.
“Based on our experience (in investigating hacking incidents) and the manner in which the hackers executed the scheme, we are not inclined to believe that it is an inside job,” Victor Lorenzo told radio DZBB Thursday.
Lorenzo said the hackers may have been able to get the information that led to the hacking from the victims through “phishing.”
Victims of phishing usually receive emails purportedly from a legitimate and well-known source which contains a link to a false but credible looking website where the victim will be asked to update their personal and or bank account information.
The NBI in previous hacking incidents said banks and other financial institutions as well as legitimate online businesses do not ask such information from their account holders or customers.
Lorenzo said they are inclined to believe that the hacking incident involving BDO and Unibank was perpetrated by local hackers.
The “Mark Nagoyo” hacking incident involved the unauthorized transfer of funds from unsuspecting BDO account holders to a fictitious bank account with UnionBank.
The NBI official said investigations on the hacking incident are ongoing adding that part of their probe is looking at the “compromised accounts” to check for additional information that may lead to the hackers.
In a related development, Sen. Sherwin Gatchalian has filed a resolution calling for a Senate investigation on the proliferation of fraudulent bank transactions.
Gatchalian said there is a need for a more comprehensive inquiry on this issue to allay the fears of the public on their personal data privacy due to these phishing scams, as well as ensure that more than adequate security measures and controls as well as customer redress mechanisms are being implemented by the banks, other business establishments and regulatory agencies. – Ashzel Hachero
