{"id":16237,"date":"2022-06-28T16:08:32","date_gmt":"2022-06-28T16:08:32","guid":{"rendered":"https:\/\/myonlinesecurity.co.uk\/?page_id=16237"},"modified":"2023-03-31T09:17:14","modified_gmt":"2023-03-31T09:17:14","slug":"bank-of-america-alert-phishing","status":"publish","type":"page","link":"https:\/\/myonlinesecurity.co.uk\/bank-of-america-alert-phishing\/","title":{"rendered":"Bank Of America Alert \u2013 Phishing"},"content":{"rendered":"

I am seeing quite an aggressive phishing campaign against Bank of America arriving overnight UK time. They all pretend to come from Bank of America < BankofAmerica@customerloyalty.accounts.com > but are actually coming from various servers. I have posted details of 2 that I received. The emails are identical apart from the subject line. There will almost certainly be other similar subjects that I haven’t seen yet.

The subjects I have seen so far are:

Bank of America AlertSign-in to Online Banking Locked
Bank of America Alert: Unlock Your Account Important Message From Bank Of America ®

They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, in the hope of getting a better response than they do from consumers.

Bank of America or accounts.com have not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just innocent victims in exactly the same way as every recipient of these emails.

You can now submit suspicious sites, emails and files via our Submissions system.
Remember that many email clients, especially on a mobile phone or tablet, only show the display name in the From: field and not the address part in <domain.com>. That is why these scams and phishes work so well.

The email looks like:

From: Bank of America <BankofAmerica@customerloyalty.accounts.com>

Date: Wed 17/01/2018 00:12

Subject: Bank of America AlertSign-in to Online Banking Locked

Body content:

To ensure delivery, add onlinebanking@ealerts.bankofamerica.com to your address book.

Online Banking Alert

Online Banking Unauthorized Sign-In
Security Checkpoint: Online Banking Unauthorized Sign-In

Remember: Always look for your SiteKey® before entering your Passcode.

Date: 01/17/2018

As part of our security measures, our system regularly scheduled account maintenance and verification procedures, we have detected a slight error in your online banking information. Our system requires account verification for more security and protection to your account , To confirm this verification Sign-In to your online banking and update your information.

Security Checkpoint: This email includes a Security Checkpoint. The information in this section lets you know this is an authentic communication from Bank of America. Remember to look for your SiteKey every time you sign in to Online Banking.

Email preferences

This is a service email from Bank of America. Please note that you may receive service email in accordance with your Bank of America service agreements, whether or not you elect to receive promotional email.

Contact us about this email

Please do not reply to this email with sensitive information, such as an account number, PIN, password, or Online ID. The security and confidentiality of your personal information is important to us. If you have any questions, please either call the toll-free customer service phone number on your account statement or visit the Bank of America website to access the Contact Us page, so we can properly verify your identity.

Privacy and security

Keeping your financial information secure is one of our most important responsibilities. For an explanation of how we manage customer information, please visit the Bank of America website to read our Privacy Policy. You can also learn how Bank of America keeps your personal information secure and how you can help protect yourself.

Bank of America Email, 8th Floor-NC1-002-08-25, 101 South Tryon St., Charlotte, NC 28255-0001

Bank of America, N.A. Member FDIC. Equal Housing Lender
© 2018 Bank of America Corporation. All rights reserved.

The link in the email, http://www.valaskabela.sk/new.php, redirects you to http://bankofamerica-com-update-work-new2018.hbdhshjdsjkds.co.uk/d983474dae569d3bdffe8735ae43151a/ (the part after co.uk/ is a random ID/referral string).

We all get very blasé about phishing and think we know so much that we will never fall for a phishing attempt. Don’t assume that all attempts are obvious. Watch for any site that invites you to enter ANY personal or financial information. It might be an email that says “you have won a prize” or “sign up to this website for discounts, prizes and special offers”.

Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.

All of these emails use social engineering tricks to persuade you to open the attachments that come with the email. It might be a message saying “look at this picture of me I took last night” that appears to come from a friend, or something more targeted at somebody who is likely to receive PDF attachments, Word .doc attachments or any other common file type regularly, or it might be a straightforward attempt, like this one, to steal your personal, bank, credit card, or email and social networking login details. Be very careful when unzipping attachments, make sure you have “show known file extensions” enabled, and then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.

Email headers and web site details:

IP | Hostname | City | Region | Country | Organisation
5.44.105.121 | lax1.idcserver79.net | Los Angeles | California | US | AS29066 velia.net Internetdienste GmbH

Received: from [5.44.105.121] (port=48780 helo=lax1.idcserver79.net)
by knight.knighthosting.co.uk with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.89_1)
(envelope-from <alld3s1g@lax1.idcserver79.net>)
id 1ebbKM-0004HG-2T
for dwuser@victimsdomain.com; Wed, 17 Jan 2018 00:11:38 +0000
Received: from alld3s1g by lax1.idcserver79.net with local (Exim 4.89_1)
(envelope-from <alld3s1g@lax1.idcserver79.net>)
id 1ebbKL-000rHG-4c
for dwuser@victimsdomain.com; Wed, 17 Jan 2018 07:11:37 +0700
Date: Wed, 17 Jan 2018 07:11:37 +0700
To: dwuser@victimsdomain.com
From: Bank of America <BankofAmerica@customerloyalty.accounts.com>
Reply-To:
Subject: Bank of America AlertSign-in to Online Banking Locked
Message-ID: <042c75ef2ce232b95b6390f2cba29af3@alldesigncorps.com>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - lax1.idcserver79.net
X-AntiAbuse: Original Domain - victimsdomain.com
X-AntiAbuse: Originator/Caller UID/GID - [514 498] / [47 12]
X-AntiAbuse: Sender Address Domain - lax1.idcserver79.net
X-Get-Message-Sender-Via: lax1.idcserver79.net: authenticated_id: alld3s1g/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: lax1.idcserver79.net: alld3s1g
X-Source:
X-Source-Args: /usr/sbin/proxyexec -q -d -s /var/lib/proxyexec/cagefs.sock/socket /bin/cagefs.server
X-Source-Dir: alldesigncorps.com:/public_html/media/media/css
IP | Hostname | City | Region | Country | Organisation
90.156.141.97 | vm555934.vps.masterhost.ru | | | RU | AS25532 LLC MASTERHOST

Received: from vm555934.vps.masterhost.ru ([90.156.141.97]:38366 helo=yamed.ru)
by knight.knighthosting.co.uk with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.89_1)
(envelope-from <yamed@yamed.ru>)
id 1ebbKF-0004Gv-8A
for dwuser@victimsdomain.com; Wed, 17 Jan 2018 00:11:31 +0000
Received: from yamed by yamed.ru with local (Exim 4.84_2)
(envelope-from <yamed@yamed.ru>)
id 1ebbKF-0006ca-Em
for dwuser@victimsdomain.com; Wed, 17 Jan 2018 03:11:31 +0300
Date: Wed, 17 Jan 2018 03:11:31 +0300
To: dwuser@victimsdomain.com
From: Bank of America <BankofAmerica@customerloyalty.accounts.com>
Reply-To:
Subject: =?iso-8859-1?Q?Bank_of_America_Alert:_Unlock_Your_Account_Important_Messa?=
=?iso-8859-1?Q?ge_From_Bank_Of_America_=C2=AE?=
Message-ID: <ba5839f012ac83bb3b7b6052cea2b02f@ymcworld.com>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
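The headers above show the give-aways that a mobile mail client hides behind the display name. As an added example (not code from this page or its author), the script below parses the first header block quoted above and reports the connecting IP recorded by the receiving MX, the envelope-from and Message-ID domains, and whether any of them agrees with the visible From: domain or the brand in the display name. The sample headers are constructed from that block, with the recipient left as the page's own placeholder.

```python
import email
import email.utils
import re

# Constructed sample: the first header block quoted on this page, trimmed to
# the headers this check reads (recipient kept as the page's own placeholder).
SAMPLE_HEADERS = """\
Received: from [5.44.105.121] (port=48780 helo=lax1.idcserver79.net)
    by knight.knighthosting.co.uk with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.89_1)
    (envelope-from <alld3s1g@lax1.idcserver79.net>)
    id 1ebbKM-0004HG-2T
    for dwuser@victimsdomain.com; Wed, 17 Jan 2018 00:11:38 +0000
Received: from alld3s1g by lax1.idcserver79.net with local (Exim 4.89_1)
    (envelope-from <alld3s1g@lax1.idcserver79.net>)
From: Bank of America <BankofAmerica@customerloyalty.accounts.com>
Message-ID: <042c75ef2ce232b95b6390f2cba29af3@alldesigncorps.com>
"""
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
ENVELOPE = re.compile(r"envelope-from <([^>]+)>")

def domain_of(address):
    """Lower-cased domain part of user@host, or '' when there is no '@'."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def analyse(raw_headers):
    """Check the visible From: against the SMTP-level evidence in the headers."""
    msg = email.message_from_string(raw_headers)
    display_name, from_addr = email.utils.parseaddr(msg.get("From", ""))
    # The topmost Received: was written by the receiving MX, so its connecting
    # IP and envelope-from are the only hop details the sender could not forge.
    received = [re.sub(r"\s+", " ", r) for r in msg.get_all("Received", [])]
    first_hop = received[0] if received else ""
    ip, env = IPV4.search(first_hop), ENVELOPE.search(first_hop)
    result = {
        "display_name": display_name,
        "from_domain": domain_of(from_addr),
        "envelope_domain": domain_of(env.group(1)) if env else "",
        "message_id_domain": domain_of(msg.get("Message-ID", "").strip("<>")),
        "origin_ip": ip.group(1) if ip else "",
        "flags": [],
    }
    # Brand words in the display name that never appear in the sending domain.
    words = {w.lower() for w in re.findall(r"[A-Za-z]{4,}", display_name)}
    if words and not any(w in result["from_domain"] for w in words):
        result["flags"].append("display name shares no word with From: domain")
    for key in ("envelope_domain", "message_id_domain"):
        if result[key] and result[key] != result["from_domain"]:
            result["flags"].append(f"{key} differs from From: domain")
    return result
```

Running analyse on the second header block above works the same way, since the regexes accept both the bracketed IP forms Exim writes.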

The website actually hosting the phish is hbdhshjdsjkds.co.uk, which was registered on 16-Jan-2018 using what are almost certainly fake details. It was registered via eNom and is hosted by Bluehost on 162.241.225.135.

Domain name:
hbdhshjdsjkds.co.uk

Registrant:
Gebhart Gregg J

Registrant type:
UK Individual

Registrant’s address:
805 RODEO ST
GILLETTE
Wyoming
82718
United States

Data validation:
Nominet was not able to match the registrant’s name and/or address against a 3rd party source on 16-Jan-2018

Registrar:
eNom LLC [Tag = ENOM] URL: http://www.enom.com

Relevant dates:
Registered on: 16-Jan-2018
Expiry date: 16-Jan-2019
Last updated: 16-Jan-2018

Registration status:
Registered until expiry date.

Name servers:
ns1.bluehost.com
ns2.bluehost.com

WHOIS lookup made at 04:17:22 17-Jan-2018

","protected":false},"excerpt":{"rendered":"

","protected":false},"author":4,"featured_media":13425,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"default","_kad_post_title":"default","_kad_post_layout":"default","_kad_post_sidebar_id":"","_kad_post_content_style":"default","_kad_post_vertical_padding":"default","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"taxonomy_info":[],"featured_image_src_large":["https:\/\/myonlinesecurity.co.uk\/wp-content\/uploads\/2022\/03\/Phishing-Scam.jpg",1000,723,false],"author_info":{"display_name":"myonlinesecurity","author_link":"https:\/\/myonlinesecurity.co.uk\/author\/myonlinesecurity\/"},"comment_info":0,"_links":{"self":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/pages\/16237"}],"collection":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/comments?post=16237"}],"version-history":[{"count":1,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/pages\/16237\/revisions"}],"predecessor-version":[{"id":28212,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/pages\/16237\/revisions\/28212"}],"wp:featuredmedia":[{"embeddable":true,"href
":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/media\/13425"}],"wp:attachment":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/media?parent=16237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}