Are you frequently receiving emails that urgently prompt you about your bank account? If you are an employee of the Department of Education, you might be familiar with the major ICT problem of the agency. Every day, teachers receive emails that look legitimate, often showing addresses that end with @deped.gov.ph. Because of this, you may wonder if these emails are really from your bank connected to your payroll account. These messages often feel urgent and convincing. However, behind them, scammers try to steal passwords and personal information. On this page, we will discuss everything you need to know about email phishing that uses fake bank names and @deped.gov.ph–style email addresses.
Email phishing is a type of online fraud. It tricks users into clicking fake links or giving sensitive data. In education systems like DepEd, attackers often pose as trusted. They use fear and urgency to make people act quickly without thinking. They often use email subjects such as “Important Notice: Please Verify Your Account Information” or more urgent messages like “Verification for Withdrawal Transactions.” In some cases, teachers immediately click the link in these emails, thinking they are doing the right thing. Then, when they check their bank accounts, their salary or bonuses are gone.
What the Scam Looks Like
In general, financial institutions like Landbank will never require you to enter passwords, OTPs, or usernames through a link in an email. They follow strict policies to avoid online scams. In addition, banks often handle account concerns in their physical branches, which require your personal appearance. Otherwise, banks address these concerns through their official mobile banking applications, which use multi-layered security features.
Nevertheless, email phishing often uses legitimate-looking email addresses and carefully crafted messages that seem to come from the actual bank. You may be persuaded by their wording and the sense of urgency they include in the email. However, it is important to always remember that Landbank and other financial institutions do not include links or clickable buttons in their emails for sensitive transactions. These institutions often use email only for promotions, campaigns, or notifications that do not require any response or action.
Warning Signs of a Phishing Email
Phishing emails often show clear warning signs if you look closely. One common sign is an unusual email address or slight misspellings that try to imitate a trusted sender. In DepEd, you might see emails about your bank account even if the sender looks legitimate and ends with @deped.gov.ph. Although both LandBank and DepEd are government institutions, LandBank never uses the DepEd email system to send messages or notifications. Also, these emails often use addresses that are random combinations of letters.
In the image above is an example of an email header that looks like it is from Landbank. However, when you examine it closely, you can see that the “From” field includes different email addresses, such as “lbpmobileapps@mail.landbank.com,” which scammers use to make the email appear as if it is from Landbank. It also includes “landbank_noreply-98971076033212492@deped.gov.ph,” which, as discussed, is not possible because Landbank does not use the DepEd mailing system.
Another red flag is the use of urgent threats or pressure tactics, where the message pushes you to act immediately, such as a warning that your account will be locked. Be careful when an email asks for your login credentials, since legitimate offices will never request your password through email. You should also watch out for poor grammar or strange formatting, as these mistakes often appear in fake messages and reveal that the email is not official.
How to Avoid Becoming a Victim
To stay safe, always practice simple but effective habits when checking your email. Do not click on unknown links, especially if the message looks suspicious or unexpected. Take time to verify the message through official DepEd channels before you respond or take action. Also, if you can, never share your passwords with anyone, as legitimate offices will not ask for them through email. If you receive a suspicious message, report it immediately to your school or IT administrator so they can take proper action.
Are Those @deped.gov.ph Email Accounts Hacked?
In some cases, the answer is “yes.” Some email accounts are compromised and used in scam operations. However, in the case of “@deped.gov.ph” addresses often seen in Landbank phishing emails, attackers use email spoofing.
You might wonder, “What is email spoofing?” and why scammers use “@deped.gov.ph” addresses. Email spoofing is a technique where attackers send emails from their own servers but alter the “From” field to make it appear as if the message came from a DepEd server. However, the Department of Education, like other agencies, remains cautious in implementing stricter restrictions to prevent this type of breach.
Why Can’t DepEd Prevent This Scam?
According to our technical research, email spoofing in the Department of Education’s @deped.gov.ph mail system may be due to weak enforcement of DMARC. Like many large institutions, DepEd sets its DMARC policy to “p=quarantine” instead of “p=reject.” DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It determines what happens when an email fails SPF (who sent it) and/or DKIM (whether it was altered after sending) checks. In simple terms, without strict DMARC enforcement, anyone can send an email that appears to come from @deped.gov.ph.
You might wonder, “Is the Department of Education, particularly the ICT division, aware of this?” Yes, they are aware and understand why email spoofing is common in their system. However, the department has practical reasons for not enforcing a strict “p=reject” DMARC policy. The Department of Education manages millions of email addresses, and many of them are not properly listed in SPF records or correctly DKIM-signed. Enforcing a strict reject policy could block even legitimate emails. Instead, large organizations often quarantine emails that fail SPF and DKIM checks and allow the receiver to decide whether the message is legitimate or not.
Fake DepEd emails continue not because they cannot be stopped, but because security improvements must balance operational continuity, coordination effort, and budget limitations. With proper planning, phased enforcement, and sustained investment, DepEd can significantly reduce email spoofing while keeping legitimate communication intact.
FAQs
It is a type of fraud where scammers send fake emails that look like they come from official DepEd accounts. They try to trick users into giving personal information or login details.
Check the sender’s email address carefully. Look for misspellings, urgent demands, or requests for passwords. These are strong signs of a phishing email.
Change your password immediately. Then, report the incident to your bank through their official channels.