« Make a Christmas Phish | Main | About "podmena traffica test" »

December 31, 2008

There are phishing forms and there are phishing forms. To escort 2008 out the door, today's Bank of America phisher hijacked a skateboard park site to host his brand of reach-into-your-soul-and-yank-it-out form. To arrive at this form, an unsuspecting BofA customer would have to not notice that the usual two-page login sequence was not followed. Only the first, "Enter Online ID" page appears, and not the second level stuff (which, by the way, is not 100% foolproof anyway).

Look at the huge list of things asked of this form:

• State where your accounts were opened :
• Online ID :
• Bank of America ATM or Check Card PIN :
• Passcode :
• Social Security Number :
• Account Number :
• Routing Number :
• Last Eight Digits of ATM or Checkcard Number :
• E-mail Address :
• E-mail Password :
• Card holder name :
• Address1 :
• Address2 :
• City :
• State :
• Zip :
• Country : U S A
• Phone Number :
• Credit/ debit card number :
• Exp date : /
• Code verification number :
• Mother Maiden Name :
• Mother Middles Name :
• Father Maiden Name :
• Father Middles Name :
• Date of Birth :
• Driver License# :

"Middles Name" notwithstanding, anyone who hands over all of this information will find themselves cloned in the banking and credit worlds—with everything of value headed outward. If this crook wanted to be especially cruel, you would have given him all he needed to lock you out of your own email account permanently.

The only reason this guy doesn't ask for your shoe size is that the datum is not resalable. If it were, he'd ask!