Embedded Files
KMS: Phishing Emails Impersonating LANDBANK of the Philippines
KMS: Phishing Emails Impersonating LANDBANK of the Philippines
Owner: OSDS – ICT Services Unit, SDO Bislig City
Version: 1.0 (Updated: 02 Feb 2026)
Audience: All DepEd personnel (teaching and non‑teaching) with LANDBANK payroll or e‑services accounts
1) Purpose
1) Purpose
Provide a standard, division‑wide reference to detect, report, and contain phishing emails pretending to be from LANDBANK, and to protect personnel payroll accounts and DepEd ICT assets. (DepEd and LANDBANK have both issued public warnings on LandBank‑themed phishing campaigns.) [pia.gov.ph], [landbank.com]
2) Scope
2) Scope
Covers email and SMS (“smishing”) scams claiming to be from LANDBANK (e.g., iAccess/Mobile Banking App/Link.BizPortal notices, “account blocked,” “password reset,” “claim reward”). Includes cases where messages appear to come from compromised @deped.gov.ph accounts. [depedsorsogon.com.ph]
3) Key Facts You Need to Know
3) Key Facts You Need to Know
LANDBANK does not send emails or SMS with clickable links. Any “LandBank” message containing a hyperlink is fake. [landbank.com], [rmn.ph], [gmanetwork.com]
Official LANDBANK reporting mailbox for suspicious messages: reportphishing@landbank.com; customer care: (02) 8‑405‑7000 / 1‑800‑10‑405‑7000. [landbank.com], [lbpiaccess.com]
Official sites to type manually in the browser (never click from email): www.landbank.com and www.lbpiaccess.com. [pasigcity.gov.ph], [lbpiaccess.com]
4) Red Flags (Indicators of Phishing)
4) Red Flags (Indicators of Phishing)
Email/SMS urges urgent action (“Your account will be blocked”, “Verify now”, “Claim ₱10,000”). [depedsorsogon.com.ph]
Clickable links or buttons in the message; shortened or misspelled URLs (e.g., landbαnk, lbp‑iaccess). LANDBANK never sends clickable links. [landbank.com]
Sender looks off (free mailbox, spoofed domain, or compromised @deped.gov.ph account). [depedsorsogon.com.ph]
Requests for credentials/OTP or sensitive data. Legitimate bank reps won’t ask for these. [landbank.com]
Fake sites imitating iAccess or Link.BizPortal reached via ads or links. Use only official URLs. [pasigcity.gov.ph], [lbp-eservices.com]
5) Immediate Actions (First 10 Minutes)
5) Immediate Actions (First 10 Minutes)
If you receive a suspicious LandBank email/SMS:
A. Do not click links or open attachments; do not reply.
B. Capture evidence: screenshot the email header/URL, save the .eml if possible. (Good practice for investigations and NPC compliance.)
C. Report to: [landbank.com] [privacy.gov.ph]
LANDBANK – forward to reportphishing@landbank.com. [landbank.com]
Division ICT – forward the email to OSDS‑ICT Services Unit (ticketing or shared mailbox), for blocklisting and advisories. (Local policy alignment.)
National (when widespread/with data exposure): CERT‑PH/NCERT or law‑enforcement cyber units for incident handling.
D. Delete the message from Inbox and Trash after reporting. [ncert.gov.ph], [cybersecurity.ph] [landbank.com]
If you already clicked or entered details:
E. Call LANDBANK immediately to freeze or flag the account; then change passwords from a clean device.
F. Notify OSDS‑ICT to initiate incident response (password resets, device scans, mail rules check, sender block). (NPC requires timely breach handling for potential data exposure.) [landbank.com] [privacy.gov.ph]
6) Division Workflow (Swimlane Summary)
6) Division Workflow (Swimlane Summary)
Employee → OSDS‑ICT → Records/Comms → Finance/HR → External (LANDBANK / CERT‑PH / PNP‑ACG / NPC)
Employee detects & reports: forwards to OSDS‑ICT and LANDBANK; deletes message. [landbank.com]
OSDS‑ICT triage:
Validate indicators; block sender/URL/attachment in M365; purge similar messages if tenant‑wide.
Check if the user’s @deped.gov.ph mailbox shows suspicious Inbox rules, MFA prompts, or sign‑ins. [depedsorsogon.com.ph]
If credentials may be exposed, force password reset and MFA review; preserve logs/evidence for 90 days+. [privacy.gov.ph]
Records/Comms: issue division advisory (what happened, what to do) using standard template; avoid sharing PII. (Supports privacy‑by‑design.) [privacy.gov.ph]
Finance/HR: alert payroll focal to monitor for unusual transactions; coordinate with LANDBANK for dispute/escalation if needed. [landbank.com]
External escalation (as needed):
LANDBANK (reportphishing@landbank.com / hotlines) for account‑level action;
CERT‑PH/NCERT (DICT) for coordinated incident response;
PNP‑ACG/NBI‑CCD for criminal complaints;
NPC if personal data of staff was exposed (privacy breach workflow). [landbank.com], [ncert.gov.ph], [cybersecurity.ph], [privacy.gov.ph], [privacy.gov.ph]
8) Standard Operating Procedure (SOP) – Detailed
8) Standard Operating Procedure (SOP) – Detailed
Triage (within 2 hours): OSDS‑ICT validates phishing indicators; place transport rules to block sender/URL; search & purge similar emails division‑wide if needed. (Use official LANDBANK guidance that links are never legitimate.) [landbank.com]
Containment: For any user who clicked/entered data, reset passwords, revoke sessions, re‑enroll MFA; scan device; review Outlook rules and sign‑in logs. [depedsorsogon.com.ph]
External coordination: Send samples to reportphishing@landbank.com; if a fake site is live, coordinate with CERT‑PH/NCERT for takedown routing. [landbank.com], [ncert.gov.ph]
Privacy posture: If any personal data may be at risk (e.g., names, payroll IDs, email addresses), engage the Division’s DPO and prepare NPC‑compliant documentation; submit formal complaint/breach notice if thresholds are met. [privacy.gov.ph], [privacy.gov.ph]
Awareness & after‑action: Issue division advisory with screenshots of the scam (redacted), update FAQs, and log the incident in the KMS registry. (DepEd divisions have been issuing similar advisories.) [depedimuscity.com], [depedpines.com]
9) What NOT to Do
9) What NOT to Do
Don’t click the link, don’t download the attachment, don’t forward the scam to colleagues (except to OSDS‑ICT/LANDBANK reporting). [landbank.com]
Don’t share OTP or credentials with anyone claiming to be from LANDBANK. [landbank.com]
Don’t rely on Google search ads to find the bank’s site; type the URL or use the official app. [pasigcity.gov.ph]
10) Training & Preventive Controls
10) Training & Preventive Controls
URL hygiene: Always type www.landbank.com or www.lbpiaccess.com manually; check for HTTPS and the padlock. [lbpiaccess.com]
Password & MFA: Use strong, unique passwords; enable MFA; change periodically. [lbp-eservices.com], [lbp-etps.com]
Mailbox hardening: Teach staff to spot rogue Inbox rules and use the Report Phishing button in Outlook (if enabled). (Supports early containment.) [privacy.gov.ph]
Division reminders: Periodic memos on phishing risks targeting DepEd accounts. (Other SDOs/ROs have issued similar circulars recently.) [pia.gov.ph], [depedimuscity.com], [depedpines.com]
11) Reporting & Contact Directory (Philippine Context)
11) Reporting & Contact Directory (Philippine Context)
LANDBANK (official):
Phishing mailbox: reportphishing@landbank.com
Customer Care: (02) 8‑405‑7000 / 1‑800‑10‑405‑7000
Website: https://www.landbank.com (type manually) [landbank.com]
DICT – CERT‑PH / NCERT: national incident coordination & takedown routing. [ncert.gov.ph]
Law Enforcement:
PNP Anti‑Cybercrime Group (ACG) – complaints/investigation. [cybersecurity.ph]
NBI Cybercrime Division (CCD) – complaints/investigation. [cybersecurity.ph]
National Privacy Commission (NPC): privacy breach complaints/notifications. [privacy.gov.ph], [privacy.gov.ph]
12) Legal & Policy References (for admins)
12) Legal & Policy References (for admins)
Cybercrime Prevention Act (RA 10175) – computer‑related fraud/identity theft. (Context for reporting & preservation of evidence.) [respicio.ph]
Data Privacy Act (RA 10173) & NPC breach procedures – breach assessment, notification, and incident response. [privacy.gov.ph]
LANDBANK advisories – no clickable links; beware of fake sites/ads; official hotlines. [landbank.com], [pasigcity.gov.ph]
DepEd/PIA advisories – phishing targeting DepEd personnel via LandBank lures. [pia.gov.ph]
13) Ready‑to‑Send Division Advisory (Short Template)
13) Ready‑to‑Send Division Advisory (Short Template)
Subject: ALERT: Phishing Emails Pretending to be from LANDBANK
Colleagues,
We are observing phishing emails that pretend to be from LANDBANK and contain clickable links (e.g., “verify account,” “claim reward,” “unusual activity”). Do not click any link or open attachments. LANDBANK does not send clickable links in emails or SMS.
What to do now: (1) Forward the message to reportphishing@landbank.com and the OSDS‑ICT Services Unit, (2) then delete it. If you already clicked or shared credentials/OTP, call LANDBANK (02) 8‑405‑7000 / 1‑800‑10‑405‑7000 immediately, then inform OSDS‑ICT for account resets and device checks.
For questions, contact OSDS‑ICT Services Unit
Page updated
Report abuse