What’s happening? More than 100 “linked-jacked” UST web pages redirected to online casinos, e-sabong platforms, and betting sites—a cyberattack experts say could steal personal info and inject malware.

Why it matters: The hijacked pages exploit the trustworthiness of “.edu.ph” domains. They may be used to phish users, collect payment data, or serve as entry points for more serious cyber threats.

Expert takes:

  • “Because .edu.ph domains are highly trusted by search engines, these hijacked UST pages can help illegitimate sites boost their visibility, SEO (search engine optimization), and credibility,” said Scam Watch co-founder Arturo Samaniego Jr.
  • Cybercrime Investigation and Coordinating Center (CICC) director Rojun Hosillos said some fake pages may contain spyware, keyloggers, or deceptive forms. “Your personal info becomes the investment you put in these websites,” he said. “Even just clicking the link puts users at risk.”

Root causes: Hosillos cited weak admin passwords and unchecked vulnerabilities in UST’s systems. He called for immediate vulnerability assessments and penetration testing.

What happened before: The breach follows a similar attack on the University of the Philippines in May, where over 1,300 university pages were compromised, including learning management and administrative systems.

What UST is doing: 

  • Following a Varsitarian report on July 10, many of the hijacked UST pages were taken down. The deleted links now redirect to an official UST page showing an error message.
  • UST recently introduced multi-factor authentication for University email log-ins—part of its ongoing security improvements.

Next steps

Experts recommend that UST:

  • conduct full audits and cleanup of compromised pages;
  • strengthen backend systems and patch vulnerabilities;
  • form a dedicated cybersecurity team separate from its ICT office;
  • coordinate with DICT, PNP Anti-Cybercrime Group, and its web host.

Full story:

ACCESSING UST webpages that redirect users to dubious “e-sabong,” online casinos and other digital gambling and betting platforms may expose users to phishing and other cyberattacks that inject malware into their devices, experts warned.

Arturo Samaniego Jr., co-founder of Scam Watch, a national citizen arm established by the government in 2023, said the more than 100 links posing as official UST websites are a case of “hijacking” or “linkjacking.”

“The presence of search results promoting online betting sites under an edu.ph domain indicates that malicious actors have exploited vulnerabilities within the university’s web infrastructure,” Samaniego told the Varsitarian.

Linkjacking occurs when attackers exploit vulnerabilities in an institution’s backend or content management system to insert redirect scripts into specific pages. In this case, users were unknowingly redirected to online gambling sites.

“Because edu.ph domains are highly trusted by search engines, these hijacked UST pages can help illegitimate sites boost their visibility, SEO (search engine optimization), and credibility,” he said.

The incident mirrors a similar cyberattack reported by the Philippine Collegian in May, which affected over 1,300 webpages of the University of the Philippines (UP), including learning management systems and administrative sites.


After the Varsitarian reported the attack on July 10, a significant number of pages were already taken down. Deleted pages now direct to an official UST webpage but display an error message saying “the page can’t be found.”

Samaniego warned that because linkjacking may be a form of phishing, malicious actors behind the dubious links may collect personal data or payment information from users who had accessed the site.

Phishing pages are disguised as legitimate services that trick users into revealing their personal information, while malware-infected sites could install spyware or keyloggers that could capture sensitive data and monitor user activity.

“This puts the users and the UST networks at risk. If a compromised device reconnects to the campus network, it can act as a backdoor that would allow further attacks or data exfiltration,” Samaniego said.

Rojun Hosillos, director of the Cybercrime Investigation and Coordinating Center (CICC), warned that malware on redirected sites may harvest personal information, potentially leading to estafa — a crime under Philippine law involving deceit or false pretenses to obtain money.

“We’re not sure if, once you win, they will give you your premium, or if anyone actually wins on their websites, because it’s unregulated, it’s unchecked,” Hosillos told the Varsitarian.

“Your investment will be your personal information that you put into their websites. Clicking the website will already put one in a bit of a compromise because there is malware inside that clickable link.”

Hosillos said weak passwords among network and system administrators may lead to these occurrences. He recommended identifying potential points of compromise within the system.

“I really recommend vulnerability assessment and penetration testing of your websites and even of your endpoints so that we know the scope of the attack. We would get an idea of the scope of the attack and at the same time find out where the points of compromise are.”

With UST as the registered owner of the legitimate website, it has the authority to remove the malicious sites, Samaniego and Hosillos said.

This involves identifying affected pages through audits or user reports, removing malicious code via the server or content management system, and strengthening cybersecurity to prevent future intrusions.
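The audit step described above can be partly automated. The following is an added example, not code from UST, the Varsitarian or the experts quoted: it parses a page's HTML and reports meta-refresh and script redirects that leave the institution's own domain. The domain `university.example`, the function names and the sample pages are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "university.example"  # assumed placeholder for the institution's own domain
# Navigation sinks followed by a quoted absolute URL, and the URL in a meta refresh.
JS_REDIRECT = re.compile(
    r"""(?:location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\()\s*["'](https?://[^"']+)""", re.I)
META_URL = re.compile(r"""url\s*=\s*["']?([^"';\s]+)""", re.I)

def is_external(url):
    """True when the URL's host is neither the trusted domain nor one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return bool(host) and host != TRUSTED and not host.endswith("." + TRUSTED)

class RedirectAuditor(HTMLParser):
    """Collects (kind, target) for client-side redirects that leave the trusted domain."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        self._in_script = tag == "script"
        if tag == "meta" and attr.get("http-equiv", "").lower() == "refresh":
            m = META_URL.search(attr.get("content", ""))
            if m and is_external(m.group(1)):
                self.findings.append(("meta-refresh", m.group(1)))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for url in JS_REDIRECT.findall(data):
                if is_external(url):
                    self.findings.append(("script-redirect", url))

def audit_page(html):
    auditor = RedirectAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample pages (not taken from the incident).
CLEAN_PAGE = '<head><meta http-equiv="refresh" content="0; url=https://library.university.example/new"></head>'
HIJACKED_PAGE = ('<head><meta http-equiv="refresh" content="0; url=https://betting.example/play"></head>'
                 '<body><script>window.location.replace("https://games.example/promo");</script></body>')
```

This static check only sees redirects present in the HTML it is given; redirects issued by the server (HTTP 3xx responses, rewrite rules) need a separate review of responses and server configuration.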

Samaniego urged UST to establish a dedicated cybersecurity team separate from the Office of Information and Communications Technology to prevent similar attacks.

“It is also recommended for the UST IT department to coordinate with its hosting provider, and the national cybersecurity authorities like the [Philippine National Police Anti-Cybercrime Group] and [Department of Information and Communications Technology-CICC],” he said.

Recently, UST fortified its online security measures by rolling out multi-factor authentication for accessing official University emails.

Church and government officials had voiced concerns over the spread of online betting, which the Catholic Bishops’ Conference of the Philippines described as a “virus” and “public health crisis” plaguing the country.
