Monday, October 02, 2006

Bank of America: Anatomy of a Phishing Attempt

WARNING: DO NOT CLICK ANY LINKS ON THE QUOTED/ITALICIZED TEXT BELOW

I got this email this morning:

From: User fdvxrinok [fdvxrinok@248-10.utk.ru]; on behalf of; Bank of America [Notice@bankofamerica.com] To: berniej@xxxxxxxx.com

Your Online Banking is Blocked

We recently reviewed your account, and suspect that your Bank of America account may have been accessed by an unauthorized third party. Protecting the security of your account is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features.

To restore your account access, we need you to confirm your identity, to do so we need you to follow the link below and proceed to confirm your information:

http://www.bankofamerica.com.sas.signon.dostate.cgi.section.signin_home.update.yes.cookiecheck.secureprotection.info

Tank you for your patience as we work together to protect your account.

Sincerely, Bank of America Customer Service

*Important* Please update your records on or before 48 hours, a failure to update your records will result in a temporal hold on your funds.

Bank of America, N.A. Member FDIC. Equal Housing 2006 Bank of America Corporation. All rights reserved.

Now, how do I know that this is a phishing attempt?
  • The sender is actually someone from Russia (as seen in the .ru email address). What would a fellow in Russia do with Bank of America's security?
  • If you click the link for confirming the user information it actually goes to http://www.thunderrockradio.com/forums2/includes/www.bankofamerica.com/ which is not a Bank of America website. It does, however, seem to get its images directly from the Bank of America website.
  • And lastly, I DO NOT HAVE AN ACCOUNT WITH BANK OF AMERICA!
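The first two checks can be automated. The following is an added example, not part of the original post: it compares the domains in the From line and in the link (both the text shown and the page it really opens) against the domain the message claims to come from. The function names are hypothetical, and the "last two labels" rule for finding the registrable domain is a simplifying assumption that holds for .com, .info and .ru but not for suffixes such as .co.uk.

```python
import re
from urllib.parse import urlparse

BRAND = "bankofamerica.com"  # domain the message claims to come from

# Values copied from the email quoted above.
FROM_HEADER = ("User fdvxrinok [fdvxrinok@248-10.utk.ru]; on behalf of; "
               "Bank of America [Notice@bankofamerica.com]")
SHOWN = ("http://www.bankofamerica.com.sas.signon.dostate.cgi.section."
         "signin_home.update.yes.cookiecheck.secureprotection.info")
TARGET = "http://www.thunderrockradio.com/forums2/includes/www.bankofamerica.com/"

def registrable(host):
    """Naive registrable domain: last two labels (assumption, no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def check_sender(from_header, brand=BRAND):
    """Return address domains in the From line that do not belong to the brand."""
    domains = re.findall(r"@([A-Za-z0-9.-]+)", from_header)
    return [d for d in domains if registrable(d) != brand]

def check_link(shown_url, target_url, brand=BRAND):
    """Return findings for a link whose visible text and real target may differ."""
    findings = []
    for label, url in (("shown", shown_url), ("target", target_url)):
        host, path = host_of(url), urlparse(url).path.lower()
        real = registrable(host)
        if real == brand:
            continue
        if brand in host:    # brand used as a subdomain prefix of another domain
            findings.append(f"{label}: brand only in hostname, real domain is {real}")
        elif brand in path:  # brand used as a directory name on another site
            findings.append(f"{label}: brand only in path, real domain is {real}")
        else:
            findings.append(f"{label}: domain is {real}, not {brand}")
    if host_of(shown_url) != host_of(target_url):
        findings.append("shown and target hosts differ")
    return findings

if __name__ == "__main__":
    print(check_sender(FROM_HEADER))
    for finding in check_link(SHOWN, TARGET):
        print(finding)
```

Note that the link text itself is not a Bank of America address either: a hostname is read from the right, so everything before `secureprotection.info` is just a subdomain chosen by whoever controls that domain.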

I just hope that some of my readers from the U.S. get to read this before it's too late.
