We’ve received notification from some of our readers that the Department of Health (DOH) website is hacked and is being used to phish out sensitive information from BPI cardholders.

According to the information we’ve received, an email was sent the cardholder from the BPI servers requiring that they must enter information to verify and activate his card. He then is redirected to a part of the DOH website — where the layout is akin to the one you’ll see on BPI’s — where one has to put in sensitive information including credit card numbers and the three-digit CVV at the back.

Readers who sent this in have been worried that the BPI may have been compromised as well since the email came straight from the local bank’s email servers, and they have requested for a new credit card recently. We’ve tried the links mentioned in this tip, and they are still live as of this writing.

BPI, on their official website, warns users of unscrupulous methods such as these to get sensitive info our of their customers:

We suggest that you use this short checklist to protect yourself against phishing attacks. Begin your session by manually typing the web address of BPI into your browser. The official URL of BPI Express Online is secure1.bpiexpressonline.com. Avoid disclosing personal or account details via email or embedded link. Be skeptical of unsolicited e-mails, especially those that concern personal / account information. Delete suspicious e-mails or e-mail attachments without opening them, even if they seem to have originated from someone you know. Notify the sending company if you receive a suspicious e-mail. Contact us directly through Express Phone 89-100 or e-mail us at [email protected] . Check the security certificate of the web page. Before entering personal or account information into a site, make sure it is secure. In Internet Explorer, you can do this by checking the yellow lock on the status bar. A closed lock is an indication of an encrypted site.

We’re reaching out to both the DOH and Bank of the Philippine Islands for further comments on this issue. More as we get it.