Individuals using a desktop computer. (Pixabay/ StartupStockPhotos)
Concerns were raised after some education-related email addresses were reportedly used to send spam messages.
On Friday, December 26, a Reddit user shared that they received an email from an entity using the name of a digital bank, claiming their device had been “registered.”
Upon closer inspection, the email, labeled as coming from “Maya Alerts,” was sent from an address registered to the Polytechnic University of the Philippines (PUP).
The email included a disclaimer instructing recipients to “notify the sender immediately and delete this communication” if it was received in error.
“The Polytechnic University of the Philippines is neither liable for the proper and complete transmission for any delay in its receipt,” part of the disclaimer reads.
A review of the sender shows the email is from “[email protected].”
“Scammer from PUP? Nakalimutan magpalit ng email?” the Redditor said in a post, sharing screengrabs of the email.
Scammer from PUP? Nakalimutan magpalit ng email?
byu/wittybros inPhilippines
The Reddit post has received nearly 30 upvotes and several comments, with some users suggesting that the PUP email account may have been “compromised.”
“Maybe scammer from PUP or maybe someone’s credentials [have] been compromised, we don’t know the exact reason,” a Reddit user wrote.
“Uso mga ganyan, may naligaw sakin LandBank, pero DepEd email tapos complete name ang domain, haha. Kaya napapaisip din ako kung hacked email nila o sila talaga ‘yun,” another commented.
“Madalas ko makita ang Edu at Gov domains sa phishing emails. Hindi ata secured masyado kaya ganun. Anyway, I doubt siya ‘yan,” a different Redditor said.
“May mga na re-receive din ako na scam emails from international .edu domains. My guess is, probably compromised accounts ‘yan. But I think it would be better if ipaalam sa PUP ‘yung incident na ganyan,” another wrote.
Another Redditor recommended reporting the email to PUP, since it came from an “official” university email address.
The incident echoes a previous warning from the Philippine National Computer Emergency Response Team (CERT-PH) last year, when the public was cautioned about emails impersonating the agency using the email address “[email protected].”
“If you receive any communication claiming to be from CERT-PH but using a different email address, such as cert-ph@dict[.]ph[.]site or similar variations, do not open any links or attachments, and do not respond,” CERT-PH previously said.
“These are fraudulent phishing attempts designed to steal sensitive information. We advise all individuals and organizations to remain vigilant,” the organization added.
Experts advised the public not to open any links or attachments in emails suspected to be spam, as doing so could lead to the theft of sensitive information, including bank details.
Recipients are also urged to verify the sender’s email address to ensure the message comes from a legitimate organization or individual.
