Bank Of America Alert : Your Account Has Been Locked – Phish

A newer Phishing Fraud campaign is out targeting Bank of America customers.

The email arrives:

Subject:     Bank Of America Alert : Your Account Has Been Locked
From:     Bank Of America Alert <e-banking@bofa.com>

Naturally the sending address is spoofed, as these emails arrive from hijacked mail servers in Europe and Asia.

What’s notable is the general quality of the Phishing email:

Bank of America Phish Email


As far as the email itself goes, it’s really quite good. Our only suggestion to the spammer would be to replace “Dear Esteemed Customer” with something more Western sounding, since emails from U.S.-based financial institutions don’t often use the word “esteemed.”

Of course the link you’re supposed to follow does not take you to a Bank of America web site, but instead to an infected malware server that will present you with a very comprehensive form for tricking you into providing a lot of personal and financial information that can be used for identity theft.
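The two tells described so far, a spoofed sender and a link that leaves the bank's domains, can be checked mechanically. The following is an added example, not part of the original post: the sample message is constructed (only the From and Subject lines come from the post), and the `brand_domains` list, the Authentication-Results line and the link host are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: From/Subject are from the post; the link host and the
# Authentication-Results line are made up for illustration.
SAMPLE = """\
From: Bank Of America Alert <e-banking@bofa.com>
Subject: Bank Of America Alert : Your Account Has Been Locked
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bofa.com
Content-Type: text/html; charset=utf-8

<p>Dear Esteemed Customer,</p>
<a href="http://bofa.com.secure-login.example/verify">Unlock your account</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every anchor in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, brand_domains):
    """Return findings for a message claiming to come from the brand."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Receiving MTAs record SPF/DKIM verdicts in Authentication-Results.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if "spf=fail" in auth or "dkim=fail" in auth:
        findings.append("auth-fail:" + msg["From"].addresses[0].domain)
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href in parser.hrefs:
        host = urlsplit(href).hostname
        if not any(in_domain(host, d) for d in brand_domains):
            findings.append("offsite-link:%s" % host)
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE, ("bankofamerica.com", "bofa.com")))
```

The suffix match in `in_domain` is what keeps a host that merely begins with the brand's domain from passing as the brand.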

What’s impressive about the forged login forms is the sheer amount of data they’re trying to steal, beginning with your Online Banking Information:

Bank of America Phish Landing Page 1


Then they proceed to inquire about your Credit, Savings and Checking account numbers and billing addresses:

Bank of America Phish Landing Page 2


Moving on, they require your Contact Information including Social Security number, Driver’s License Number, Date of Birth, Mother’s Middle and Maiden name, and for yucks (and here’s where they get a bit too sloppy) your Father’s Middle, and yes “Maiden” name:

Bank of America Phish Landing Page 3


We would hope this part would tip off just about anyone to the fact that this isn’t a valid Bank of America login page, but even with the few misspellings and the hysterical part about the Father’s “Maiden Name” there are no doubt going to be those who don’t proofread the page very carefully. And, let’s face it, everyone’s eyes tend to glaze over a bit when presented with long and detailed bank forms.

Finally, while they have you on the hook, they request that you verify your “SiteKey Challenge Questions” so they can log onto the real Bank of America site and drain your accounts:

Bank of America Phish Landing Page 4


While the spelling and grammar issues might cause these Phishers to lose a few they had initially hooked, any remaining victims are going to spend the next few months trying to recover their financial lives from sheer havoc.

And, once the con artists clean up the Phishing Baited login pages, their catch rate should increase substantially.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.
