August 14, 2012More Malware Lure Stew Ingredients
Today's menu features our chef de la malware cooking up fake Amazon and Bank of America emails that try to trick recipients into visiting hijacked web sites or opening Trojan attachments. If you take a bite of those messages, your privacy and personal data will get the runs.
Both of these message campaigns have circulated for several days, so they may not be news to everybody. Still, they're worth seeing to help you spot similarly constructed fakes in the future.
The one first claims to come from amazon.com, although in the copy I saw today, the crooks couldn't get their spam machines to behave properly and had the phony From: field say it's from UPS Global Express. This message, whose Subject: line reads:
Subject: We can not charge your credit card
is funny in a sad kind of way. Although attempting to imitate the look of an amazon.com HTML email, the message's grammar is ridiculously bad:
Your credit card was blocked.
We tried to withdraw money from your credit card, but your bank decline it. In the attachment you will be found a invoice from your last order. Please pay this invoice as soon as possible.
Whoever wrote that would have his knuckles cracked with a ruler by the school teacher who taught English to that eastern European student. Simply atrocious.
The second message claims to come from Bank of America—yet another attempt by the crook to hang his hat on a hook of this large financial institution. I'm not aware of the service referenced in the message, but it might have something to do with corporate accounts:
Subject: CashPro Online Digital Certificate Granted
August 14, 2012
This email is being sent to inform you that you have been granted a new digital certificate for use with Bank of America CashPro. Online.
Please login to CashPro Online, you will be guided through a simple process to create and install your digital certificate.
Also you can download new digital certificate at https://cashproonline.bankofamerica.com/AuthenticationFrameworkWeb/cpo/login/protected/pickUpCert.faces.
If you have any questions or concerns about this digital certificate, please contact your Client administrator.
Thank you for your business,
Bank of America
CashPro Online Security Team
Please do not reply to this email as it is an automated message and the email box is not monitored.
The Bank of America Technical Help Desk can be reached at:
United States & Canada: (888) 589-3473
EMEA: +44 (0) 20 8313 2154
Asia: (65) 6239 3300
Australia: (61) 2 9931 4333
Latam: (469) 330-1160
)Copyright 2011 Bank of America Merrill Lynch. All rights reserved. CashPro is a registered trademark of Bank of America Corporation.
I hope you enjoyed today's meal. The chefs are hard at work on new dishes to trick the unwary.Posted on August 14, 2012 at 01:38 PM