Analysis byChloe Ordonia

Trend Micro researchers received an email that poses as a legitimate email notification from the Philippine-based bank Rizal Commercial Banking Corporation (RCBC). The email message informs recipients that RCBC disabled his/her account for security reasons. The message also states that the recipient must click on a provided link to activate their account immediately.

Once the user clicks the link, he/she is led to the following phishing page that looks like the legitimate RCBC online account site:



Upon analysis, the said site was found to be a phishing site. Phishing websites trick users into disclosing their account information by spoofing legitimate sites. Trend Micro encourages users to check their online banking accounts by typing the address of the site directly in the address bar of their browsers. Also, use bookmarks in browsers to access these sites directly.

 SPAM BLOCKING DATE / TIME: 22 de ноября de 2011 GMT-8
 TMASE
  • TMASE Engine: :
  • Patrón TMASE: :8536