August 14, 2012
More Malware Lure Stew Ingredients
Today's menu features our chef de la malware cooking up fake Amazon and Bank of America emails that try to trick recipients into visiting hijacked web sites or opening Trojan attachments. If you take a bite of those messages, your privacy and personal data will get the runs.
Both of these message campaigns have circulated for several days, so they may not be news to everybody. Still, they're worth seeing to help you spot similarly constructed fakes in the future.
The first one claims to come from amazon.com, although in the copy I saw today, the crooks couldn't get their spam machines to behave properly and had the phony From: field say it's from UPS Global Express. This message, whose Subject: line reads:
Subject: We can not charge your credit card
is funny in a sad kind of way. Although attempting to imitate the look of an amazon.com HTML email, the message's grammar is ridiculously bad:
Your credit card was blocked.We tried to withdraw money from your credit card, but your bank decline it. In the attachment you will be found a invoice from your last order. Please pay this invoice as soon as possible.
Whoever wrote that would have his knuckles cracked with a ruler by the school teacher who taught English to that eastern European student. Simply atrocious.
The second message claims to come from Bank of America—yet another attempt by the crook to hang his hat on a hook of this large financial institution. I'm not aware of the service referenced in the message, but it might have something to do with corporate accounts:
Subject: CashPro Online Digital Certificate Granted
August 14, 2012
Dear Customer,
This email is being sent to inform you that you have been granted a new digital certificate for use with Bank of America CashPro® Online.
Please login to CashPro Online, you will be guided through a simple process to create and install your digital certificate.
Also you can download new digital certificate at https://cashproonline.bankofamerica.com/AuthenticationFrameworkWeb/cpo/login/protected/pickUpCert.faces.
If you have any questions or concerns about this digital certificate, please contact your Client administrator.
Thank you for your business,
Bank of America
CashPro Online Security Team
Please do not reply to this email as it is an automated message and the email box is not monitored.
The Bank of America Technical Help Desk can be reached at:
United States & Canada: (888) 589-3473
EMEA: +44 (0) 20 8313 2154
Asia: (65) 6239 3300
Australia: (61) 2 9931 4333
Latam: (469) 330-1160
©Copyright 2011 Bank of America Merrill Lynch. All rights reserved. CashPro is a registered trademark of Bank of America Corporation.
The links, of course, are to a hijacked web site that redirects to the usual JavaScript-based malware loading techniques. If this message lands on a PC that is used for corporate online banking (online banking and email on the same machine? NO NO NO), and if the recipient isn't smart enough to spot a phony, the crook has hit the Big Time. You'd think by now that businesses that do online banking would at least be equipped with anti-virus software to spot the more egregious attempts to take over the computers. But the tactic must work sufficiently often to get the crooks to keep trying. Sucking tens or hundreds of thousands of dollars from a single business bank account makes the cost of sending gazillions of spam messages and recruiting money mules seem like pocket change.
I hope you enjoyed today's meal. The chefs are hard at work on new dishes to trick the unwary.
Posted on August 14, 2012 at 01:38 PM