A Dispatch

November 21, 2011

Idiot Bank of America Phisher

Can't these wannabe criminals read instructions?

The idiot du jour sent out a blast of Bank of America phishing messages in batches of 1200. How do I know it was exactly 1200? Because this clown included all 1200 email addresses in the highly visible To: field. I have no way of knowing how many of those addresses are valid or how many of their mail servers will let this phishing message through to the inbox, but it's bound to be some. And if any of the recipients' machines are compromised with malware, all 1200 addresses will be snarfed up and fed back into spammers' databases. Whoopee.

I did get a chuckle, however, when the jerk realized that he made a booboo and resent the message with the addresses set to BCC:. It means that he either was able to send only half as many messages as he had planned, or paid twice as much for the botnet resources. Anything that cuts into a crook's profit is OK with me.

Incidentally, the email message — festooned as it was with real Bank of America web site image files — included a section that began thusly:

This email includes a Security Checkpoint. The information in this section lets you know this is an authentic communication from Bank of America.

This little phrase has been circulating in BofA phishing messages since about June 2010. It must be part of a phishing kit sold by über-crooks. As I have said many times, the more an unsolicited email message claims to be legitimate or not spam, the more it is lying. The inclusion of some words in an email message has no bearing whatsoever on the message's authenticity.

I really, really, really am the Tooth Fairy!

See?
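
The two tells described in this post, an oversized visible recipient list and a body that vouches for its own authenticity, can be checked mechanically on a mail gateway or in a triage script. This is an added example, not part of the original post; the threshold of 20, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed threshold: a genuine account notice is addressed to one customer.
MAX_VISIBLE_RECIPIENTS = 20
# Self-vouching wording; both patterns come from the sentence quoted in the post.
SELF_VOUCHING = [
    re.compile(r"this email includes a security checkpoint", re.I),
    re.compile(r"this is an authentic communication from", re.I),
]

def visible_recipients(msg):
    """Unique addresses exposed in To: and Cc: (Bcc never reaches the reader)."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {addr.lower() for _, addr in pairs if "@" in addr}

def body_text(msg):
    """Decode every text part and strip tags so HTML-only mail is inspected too."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    text = re.sub(r"<[^>]+>", " ", " ".join(chunks))
    return re.sub(r"\s+", " ", text)

def triage(raw_message):
    """Return the list of reasons a message looks like the one described above."""
    msg = message_from_string(raw_message)
    reasons = []
    count = len(visible_recipients(msg))
    if count > MAX_VISIBLE_RECIPIENTS:
        reasons.append(f"{count} recipients exposed in To/Cc")
    text = body_text(msg)
    if any(p.search(text) for p in SELF_VOUCHING):
        reasons.append("message vouches for its own authenticity")
    return reasons

# Constructed samples (not real messages): a 1200-address blast and a normal notice.
SAMPLE = ("From: alerts@bank.example\n"
          "To: " + ", ".join(f"user{i}@example.org" for i in range(1200)) + "\n"
          "Subject: Account notice\nContent-Type: text/html; charset=utf-8\n\n"
          "<p>This email includes a <b>Security Checkpoint</b>. The information in "
          "this section lets you know this is an authentic communication.</p>\n")
CLEAN = ("From: alerts@bank.example\nTo: customer@example.org\n"
         "Subject: Statement ready\n\nYour statement is available online.\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(CLEAN))
```

Neither reason proves phishing on its own; treat them as scoring inputs alongside sender authentication results.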

Posted on November 21, 2011 at 11:05 AM