Bank of America Alert : Account Locked – Phishing Fraud

A new and very well crafted spoofed Bank of America Alert is making the rounds:

Subject: Bank of America Alert : Account Locked
From: Bank Of America <onlinebanking@ealerts.bankofamerica.com>

In reality, the email address is spoofed and could be coming from anywhere, but the ones we’ve reviewed so far came from hostgator.com accounts through their anonymous “WebsiteWelcome” domain:

gateway08.websitewelcome.com ([69.56.142.29])
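The mismatch described above, between the domain in From and the host that actually relayed the message, can be checked mechanically. The following is an added example, not part of the original post: the sample message is constructed from the From, Subject and relay values quoted here, while the receiving host, recipient and date are placeholders, and `org_domain` and `relay_mismatch` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: only From, Subject and the relay host/IP come from the post.
SAMPLE = """\
Received: from gateway08.websitewelcome.com ([69.56.142.29])
\tby mx.example.net with ESMTP; Sat, 01 Jan 2000 00:00:00 +0000
From: Bank Of America <onlinebanking@ealerts.bankofamerica.com>
To: user@example.net
Subject: Bank of America Alert : Account Locked

There are a number of invalid login attempts on your account.
"""

# "from <claimed host> ([<ip>])": the hostname is what the sender claimed,
# the bracketed IP is what the receiving server recorded.
RECEIVED_FROM = re.compile(
    r"^from\s+([A-Za-z0-9.-]+)\s*\(\[?([0-9A-Fa-f.:]+)\]?\)", re.I)

def org_domain(host):
    """Naive registrable domain: last two labels (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def relay_mismatch(raw):
    """Compare the From domain with the host in the topmost Received header."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = org_domain(addr.rpartition("@")[2])
    # The topmost Received header is the one our own mail server added,
    # so it is the only hop the sender could not forge.
    received = msg.get_all("Received") or []
    if not received or not from_domain:
        return None
    match = RECEIVED_FROM.match(" ".join(received[0].split()))
    if not match:
        return None
    host, ip = match.groups()
    return {"from_domain": from_domain, "relay_host": host, "relay_ip": ip,
            "mismatch": org_domain(host) != from_domain}

if __name__ == "__main__":
    print(relay_mismatch(SAMPLE))
```

A mismatch is only a signal, since legitimate senders also use third-party mail services; SPF, DKIM and DMARC results for the From domain are the stronger check.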

The Bank of America fraud emails warn:

There are a number of invalid login attempts on your account. We had to believe that, there might be some security problems on your account. So we have decided to put an extra verification process to ensure your identity and your account security.

Please click here to continue the verification process and ensure your account security.

The trap is that the linked phrase “click here” leads to an otherwise legitimate, but unfortunately hacked web site that has been modified to replicate a Bank of America login page.

Naturally, should a visitor attempt to log in, they will only be providing their Bank of America username/password to the cyber-criminals behind this phishing scam.

A captured copy of the very well designed fraud email:

Bank of America Alert Account Locked - Phishing Fraud


As an aside, if you’re currently doing business with www.Hostgator.com then you might want to consider just how “spam friendly” a host must be to not only provide an anonymous domain for sending mail (http://websitewelcome.com) but where the entire homepage for that domain consists of nothing more than this:

“For abuse issues related to the websitewelcome.com domain, please email your complaint with any relevant logs to abuse@websitewelcome.com”

Just in case you think we’re in any way stretching the truth, here’s an actual screen shot of the entire homepage:

WebsiteWelcome Homepage


It’s nice that they are so open about admitting they might have a few spammers using their hosting services.

That said, good luck with the abuse@ reporting address.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.
