NATIONAL
Advocates Philippines
It Wasn't A Hack: 'White Hat' Explains BDO Scam As User's Social Engineering Mistake
Photo credit: Japz Divino
A local "white hat" hacker—a cybersecurity expert who finds flaws to help improve systems—is setting the record straight on a viral BDO incident. According to his analysis, the recent BDO "hacking" wasn't a system breach at all. Instead, it was a case of "smishing," a sophisticated type of social engineering where a user is tricked into giving away their information.
A Closer Look at the BDO Issue
The incident, which gained a lot of attention on social media, involved a BDO account holder, Jana, who claimed her account was compromised. While many self-proclaimed "infosec experts" were quick to blame a flaw in BDO's system, a Pinoy white hat hacker named Japz Divino and his team conducted their own investigation.
Divino's team was alerted to the issue when a friend’s wife received a suspicious text message pretending to be from BDO. This is a classic example of smishing, which is a portmanteau of "SMS" and "phishing." It works by sending a fraudulent text message to trick a person into revealing sensitive details like their password or bank account number.
By tracing the link from the fraudulent SMS, the team found clear evidence that the victim had been led to a phishing site. Their logs showed that Jana's personal information—including her username, password, mobile number, and even a One-Time Password (OTP)—had been entered on this fake site.
The Real Culprit: Social Engineering
Divino emphasized that while the BDO system remained secure, the attacker successfully exploited human trust through social engineering. He stated that the sensitive information ended up in the wrong hands because of the user's interaction with the scam, not because of a system vulnerability.
"This was the result of users becoming victims of social engineering, not a system vulnerability," Divino explained. He stressed the importance of not being misled by misinformation and urged the public to be cautious of fake news spreading online. He and his team are not taking sides, but simply want to educate people on the reality of these scams. They plan to release a follow-up video to further explain how these smishing techniques work, to help prevent others from falling victim.
A Closer Look at the BDO Issue
The incident, which gained a lot of attention on social media, involved a BDO account holder, Jana, who claimed her account was compromised. While many self-proclaimed "infosec experts" were quick to blame a flaw in BDO's system, a Pinoy white hat hacker named Japz Divino and his team conducted their own investigation.
Divino's team was alerted to the issue when a friend’s wife received a suspicious text message pretending to be from BDO. This is a classic example of smishing, which is a portmanteau of "SMS" and "phishing." It works by sending a fraudulent text message to trick a person into revealing sensitive details like their password or bank account number.
By tracing the link from the fraudulent SMS, the team found clear evidence that the victim had been led to a phishing site. Their logs showed that Jana's personal information—including her username, password, mobile number, and even a One-Time Password (OTP)—had been entered on this fake site.
The Real Culprit: Social Engineering
Divino emphasized that while the BDO system remained secure, the attacker successfully exploited human trust through social engineering. He stated that the sensitive information ended up in the wrong hands because of the user's interaction with the scam, not because of a system vulnerability.
"This was the result of users becoming victims of social engineering, not a system vulnerability," Divino explained. He stressed the importance of not being misled by misinformation and urged the public to be cautious of fake news spreading online. He and his team are not taking sides, but simply want to educate people on the reality of these scams. They plan to release a follow-up video to further explain how these smishing techniques work, to help prevent others from falling victim.
Sep 22, 2025
We are dedicated storytellers with a passion for bringing your brand to life. Our services range from news and media features to brand promotion and collaborations.
Interested? Visit our
Contact Us page for more information. To learn more about what we offer, check out our latest article on services and opportunities.
