Dispatches Archive


May 17, 2011

Bank of America Phish du Jour

Another day, another phishing campaign attempting to trick Bank of America customers into handing over their identity jewels. Today's sample:

From: Bank of America Alert
Subject: Bank of America Alert: Your Action Is Required (IMPORTANT)

[BofA Logo Image]

Dear Valued Banking Customer,

Bank of America Online has been receiving complaints from our customers for unusual activity of their Online Banking.

This is due to our regular scheduled software upgrade being carried out by our technical department to improve the quality of services for online banking customers.

Due to this, we have sent you an attachment which contains the web page in order to confirm your account information. Download the attachment to your desktop and open the file to Get Started

However, Failure to do so may result in temporary account suspension. Please understand that this is a security measure intended to help protect you and your account.

Thanks for your co-operation.
Online Banking Support Team
------------------------------------
Bank of America, N.A. Member FDIC. Equal Housing Lender
© 2011 Bank of America Corporation. All rights reserved.

The attachment, AccountConfirmation.html, is an HTML file that will, when double-clicked, open inside one's default browser. The page consists of a form with plenty of stolen BofA images (hosted at a hijacked web site), and even includes a lengthy Terms and Conditions statement to which you must agree. I don't know where the thieves got this copy of terms, but it's — how do I say it? — a little old. For instance, the computer requirements verbatim:

For PC using Windows 95, 98, NT, 2000, ME, XP
  • Microsoft Internet Explorer 5.5 or higher
  • Microsoft Internet Explorer with AOL 5.5 or higher
  • Netscape 6.2 and higher (Online Banking is not accessible with Netscape 6.0)
  • Adobe Acrobat Reader 6.0 or higher (not applicable to WA and ID customers)

For Macintosh using OS 9 and OS 10
  • Microsoft Internet Explorer 5.5 or higher
  • Microsoft Internet Explorer with AOL 5.5 or higher
  • Netscape 6.2 and higher (Online Banking is not accessible with Netscape 6.0)
  • Safari 1.0 (for OS 10 only)
  • Adobe Acrobat Reader 6.0 or higher (not applicable to WA and ID customers)

Wow, talk about a trip down memory (and I'm not talking RAM) lane! I think even the crooks' eyes glazed over the terms without checking how current they were.

More troubling, however, is that the form requires input of not only the usual identity data (account info, credit card data, driver's license number, etc.), but also one's email account name and email password. The claim in the form why the email password is needed:

Effective March 21st, All customers benefit of a new Email Protection.

I'd wager that most computer users assign their primary email login credentials to many other sites, including places like Amazon, iTunes, and other shopping sites. It's a very dangerous practice, but we all know it happens among users who are not as security conscious as most readers of this blog. You can rest assured that anyone who falls for this phony form and submits true data will have those login credentials fired at all kinds of sites in search of successful logins and further compromises of their accounts.
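A mail filter can flag this kind of attachment before anyone opens it. The Python sketch below is an added example, not code from the original post: it checks an HTML attachment for password fields, a form that submits to a host outside the bank's domain, and images loaded from other hosts. The sample markup, the `.example` hosts, the function names and the assumption that the form posts to a remote collector are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormAudit(HTMLParser):
    """Collects form targets, password inputs and remote image hosts."""
    def __init__(self):
        super().__init__()
        self.form_actions, self.image_hosts = [], set()
        self.password_fields = 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_fields += 1
        elif tag == "img":
            host = urlparse(a.get("src", "")).hostname
            if host:
                self.image_hosts.add(host.lower())

def audit_html_attachment(html, brand_domains):
    """Return findings for an HTML file that arrived as a mail attachment."""
    p = FormAudit()
    p.feed(html)
    findings = []
    def on_brand(host):
        return any(host == d or host.endswith("." + d) for d in brand_domains)
    for action in p.form_actions:
        host = (urlparse(action).hostname or "").lower()
        if host and not on_brand(host):
            findings.append(f"form posts to non-brand host {host}")
    if p.password_fields and p.form_actions:
        findings.append(f"{p.password_fields} password field(s) in an attached HTML form")
    off = sorted(h for h in p.image_hosts if not on_brand(h))
    if off:
        findings.append("images loaded from " + ", ".join(off))
    return findings

# Constructed sample; hosts use the reserved .example TLD.
SAMPLE = """<html><body>
<img src="http://hijacked-site.example/img/logo.gif">
<form method="post" action="http://collector.example/save.php">
<input type="password" name="email_password">
<input type="password" name="online_passcode">
</form></body></html>"""

if __name__ == "__main__":
    for finding in audit_html_attachment(SAMPLE, ["bankofamerica.com"]):
        print(finding)
```

Any single finding is worth a quarantine decision for an HTML attachment claiming to come from a bank, since a legitimate bank has no reason to mail a credential form as a local file.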

While the amount of spam hitting my incoming server has been down in the past few weeks, I haven't seen much reduction of criminal phishing activity. The crooks wouldn't keep doing it if it didn't work to some degree.

Posted on May 17, 2011 at 11:27 AM

May 09, 2011

Your Netflix Account Has NOT Been Suspended

There are so many Netflix customers online, it's a natural target for phishers who want your account login credentials:

[Image: Netflix phishing email message]

The actual URL under the link is to a Chinese site whose domain name includes "netflix-customers". There, you'll be prompted in a simulated Netflix login page to enter your username and password.

Posted on May 09, 2011 at 07:35 AM

May 04, 2011

Ooh, a Message From the FBI

From: FBI
Subject: You visit illegal websites

Sir/Madam, we have logged your IP-address on more than 40 illegal Websites. Important: Please answer our questions! The list of questions are attached.

[attachment: Document.zip (10.16KB)]

Yet another in the long-running series of (commonly, like this one, grammatically incorrect) messages trying to trick recipients into loading a malware-infested attachment.

Believe me, if the FBI were truly tracking you, they'd know your full name (and a whole lot more). I also think they prefer to make, um, in-person visits to confiscate computers.

Posted on May 04, 2011 at 10:34 AM