Hi, My Name is Bernie

A lot has happened since the Philippine SIM Registration Act has been implemented.  There are people who are for and against its implementation.  That is an issue that can only be resolved in time.  However there is a bigger issue has stemmed from it.  The law is now being leveraged by threat actors that seeks to gather personal information from their potential victims. While reviewing my SPAM folder for legitimate messages that have slipped into the cracks, I noticed this interesting sender. A casual look makes it appear as if it came from GCash, a service I use for my digital wallet needs.  Although the display name says "admin@gcashmobile.com", it was sent "via sendgrid".  Just to let you know, legitimate emails from GCash comes from the "@gcash.com" email domain so this is already a big red flag.   Here is the body of the message: Looks convincing, right?  However, one thing that everyone should be aware of is this: Companies will always refer to you b

  Hot on the the heels of the string of controversies hounding Twitter after the Musk Takeover, this happens.  So what happens next?  I did an immediate change of password and enabled multi-factor authentication. So if you are on Twitter, please change your password immediately even if you haven't receive any similar notice and do yourself a favor, please enable multi-factor authentication too.  This is for your own good :D

  Let this serve as a warning. There is a Facebook post that claims that they will be "donating" refrigerators if users comment their preferred colors on the said post.  Once users comment on it, the page will reply encouraging users to "validate" their "registration" by visiting a website.   This is where things gets interesting.  If the users follow the page's instructions, the registration page will redirect users to a website that gathers user credentials which will later on can be used to steal the identity of those who commented.  A quick check on the site where users are redirected will yield this result:   Moral of the story: If it's too good to be true. It most probably is (scam).

The news about the "mysterious" loss of 1 million pesos from someone's bank account is making the rounds of social media right now (see video below).   https://fb.watch/hmCZUoZpiQ/?mibextid=v7YzmG Here are my thoughts on the incident: The victim should have been suspicious when a barrage of OTP notifications are received on her phone. She should have gone to her bank to check on her account Although not the culprit, the person who attended the call of the customer should have done a better job checking the system when the customer called. What probably happened: Based on what I saw in the video, this is probably a complex case of phishing and SIM Swapping.  According to the victim, she has not enrolled her account to the online facility meaning that the perpetrator/s was able to use the victim's cellphone number to enroll the account.  To enroll an account to such a facility, the perpetrator must know the victim's information as stored in the bank. The only way to