Bank of America Alert: Message from Customer Service – Phishing Example

We’ve pointed out in the past how BoA makes phishing easy and today’s phishing example is an example of somebody taking advantage of BoA’s “please phish us” email policy.

Subject: Bank of America Alert: Message from Customer Service

From: “Bank of America Alert” <onlinebanking@ealerts.bankofamerica.com>

Here’s what it looks like:

BoA phishing example

Seems fairly legit so far. Let’s dig a little deeper . . .

Notice that the email above is full of links (since we only posted an image you’ll have to take our word for it – the blue text is all links). Normally these would all link to various things that BoA wants you to visit. Presumably all at bankofamerica.com.

<rant>BoA persists in filling their email with links which is just asking for phishing like this. If you are a BoA customer, write to them and complain. A good bank email will just say visit us at bankname.com without linking to the URL and also warn you not to click on links in emails that claim to be from bankname.com.</rant>

We checked the links and they all go to this URL:

http://www.bankofamerica.com.sas.signon.do.detect.2.signin.sessionid.
rmrlfbqjlokcjpczgs.oxcvsvcpdsoeeseytje.yucfnjtidbvnujxrwjmsea.zydyilpnchtjrriiszti.
zydyilpnchtjrriiszti.zydyilpnchtjrriiszti.zydyilpnchtjrriiszti.nuyovbuskl.bernadinec.com
/index.php?pageType=708XeMWZamp;cust=redacted@redacted.redactedamp;l=lWXS3AlBXVShqAhQRfhgTDrf=nttps://sitekey.bnkofamerica.com/sas/signon.do?SignIn&SMSESSIONID=ASERTFGUY2I94O0389GYBH23JNMKUYH83JM
N12I90U82HJNASDKOASD9AS8D&iv=90832yhIopOWjos

There are three clues here:

  1. All of the links go to the same URL. Based on their text, the links should go to different URLs. In a real BoA email they might all go to bankofamerica.com but there would be different file names or sub-domains added like bankofamerica.com/mailbox or profile.bankofamerica.com. In this case they’re all exactly the same. This alone proves the email is fake.
  2. If you follow the dots in the URL you’ll eventually see that it ends up leading to bernadinec.com. While it’s true that banks don’t always use their main domain for email links, when they don’t it’s usually something to do with transaction processing. We tried to visit bernadinec.com and Firefox flagged it as a known web forgery.
  3. The URL is a classic example of a phishing URL. It has waaay too many dots and www.bankofamerica.com is at the wrong end.
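
The three clues above can be checked mechanically on the links extracted from a message. The Python below is an added example, not part of the original post: the function names, the anchor texts and the five-label threshold are assumptions, and the sample URL is a shortened form of the one quoted above.

```python
from urllib.parse import urlsplit

def registrable_domain(host):
    # Assumption: naive "last two labels" rule. Fine for .com, but a real
    # checker should consult the Public Suffix List (e.g. for .co.uk).
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_links(links, expected_domain, max_labels=5):
    """links: list of (anchor_text, href). Returns a list of finding strings."""
    findings = []
    targets = {href for _, href in links}
    texts = {text for text, _ in links}
    # Clue 1: differently labelled links all point at one identical URL.
    if len(texts) > 1 and len(targets) == 1:
        findings.append("all-links-identical")
    for href in sorted(targets):
        host = urlsplit(href).hostname or ""
        reg = registrable_domain(host)
        # Clue 2: the domain that really owns the host is not the bank's.
        if reg != expected_domain:
            findings.append(f"foreign-domain:{reg}")
            # Clue 3: the bank's name is present, but only as leading
            # sub-domain labels, i.e. at the wrong end of the hostname.
            if expected_domain in host:
                findings.append("brand-at-wrong-end")
        # Clue 3: far more dots than an ordinary hostname has.
        n_labels = host.count(".") + 1
        if n_labels > max_labels:
            findings.append(f"too-many-labels:{n_labels}")
    return findings

# Constructed sample: hypothetical anchor texts, all pointing at a shortened
# form of the URL quoted in the post (random labels and query string omitted).
PHISH = ("http://www.bankofamerica.com.sas.signon.do.detect.2.signin."
         "sessionid.nuyovbuskl.bernadinec.com/index.php")
SAMPLE = [("Sign in", PHISH), ("Mailbox", PHISH), ("Update profile", PHISH)]
# Constructed contrast case using the legitimate-looking forms named above.
LEGIT = [("Sign in", "https://www.bankofamerica.com/"),
         ("Mailbox", "https://www.bankofamerica.com/mailbox")]

if __name__ == "__main__":
    print(check_links(SAMPLE, "bankofamerica.com"))
    print(check_links(LEGIT, "bankofamerica.com"))
```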

Once again if you are a Bank of America customer, please email them and suggest that they should place security above convenience by not including links in their official emails.
