New phishing scam targets BDO, RCBC, and Maya users with fake LTO violation alerts

Cybercriminals deploy a new phishing scheme, utilizing fake LTO notifications to lure victims into providing banking credentials through decoy websites

BY Art Samaniego
Apr 30, 2024 00:17 AM

At a glance

  • The phishing scam targets BDO, RCBC, and Maya users by impersonating the Land Transportation Office (LTO).

  • Victims receive text messages falsely claiming they have incurred a traffic violation, including a link to a fake LTO website.

  • The fraudulent website requests users to input their vehicle plate number and subsequently offers payment options linked to these banks.

  • Selecting a payment option redirects users to a counterfeit banking login page designed to steal their credentials.

  • Users are advised to verify any such communications directly through official channels to confirm their authenticity and avoid falling victim to the scam.

 

 

7d549b6e-4427-4f56-a711-fd47dabc6737.jpg
This is a phishing attempt, do not click the link.

Cybercriminals are currently targeting BDO, RCBC, and Maya users with a sophisticated phishing scam that masquerades as a notification from the Land Transportation Office (LTO). The scam begins with a deceptive text message alerting recipients that they have incurred a traffic violation. The message includes a link to resolve the issue within a 30-day window.

 

5e0124de-f586-4e64-b99a-30fe044eb770.jpg
This site is fraudulent. Do not enter your vehicle plate number.

However, clicking on this link will redirect you to a fake LTO website. Here, users are tricked into entering their vehicle plate number. I discovered that the site accepts any input, indicating its true purpose is to lure users deeper into the scam. After entering a plate number, the fake site displays payment options through BDO, RCBC, and Maya, falsely associating with these reputable financial institutions to gain trust.

 

5ac1b2e2-c335-4acb-8d22-cfeb7ad2012f.jpg
Beware: this is a bogus page aiming to deceive BDO, RCBC and Maya users.

If a user selects one of these options, they are taken to a fake login page designed to mimic the chosen bank or financial service. The cybercriminals may gain unauthorized access to the victim's financial accounts by capturing any login credentials entered on these pages.

Users of BDO, RCBC, and Maya are strongly advised to remain vigilant and skeptical of any unsolicited communications claiming to be from the LTO or any other official source, especially those that prompt clicking on links or entering sensitive information online. Always verify the authenticity of such messages by directly contacting the source through official channels.

related stories