We recently discovered a new phishing scam from a Bank of America spam email message that attempts to warn a computer user of an 'invalid login' resulting in a 'suspended banking account'. The spam message is ultimately a phishing scam that tries to lure computer users to a phishing site to obtain banking account login credentials.
In the ancient 'how-to-scam computer users with a bank phishing email' book, hackers have literally worn out the ink in continually using the same scam tactics. Why do they keep doing this? Easy, they do it because it is still very effect and ultimately works to their benefit. Cybercrooks who are armed with an online banking account holder's login credentials can literally clean-out someones bank account. Could you imagine waking up tomorrow morning and logging into your bank account to find out your previous $5,000 balance is now at zero?
The phishing email that we received, shown in Figure 1 below, looks legitimate and can come-off as very convincing to unsuspecting computer users who may hold a valid Bank of America account. The email reads:
Dear Valued Member,
We noticed invalid login attempts into you account online from an unknown IP address .
Due to this, we have temporarily suspended your account.
We need you to update your account information for your online banking to be re-activated
please update your billing information today by clicking
here www.bankofamerica.com/account/re-activation/ After a few clicks,
just verify the information you entered is correct.
BOA Member Services Team
P.S. The link in this message will be expire within 24 Hours . You have to update your payment information
© 2010 BOA LLC. All Rights Reserved.
Figure 1. - Phishing/Fake Bank of America email message
Phishing is an act of a cybercrook impersonating a trusted entity. In the email that we received, the perpetrator is impersonating being a Bank of America 'service team member'. Just about every phishing email has some type of link or attachment. In the case of the Bank of America phishing message that we received, it includes a link to a known phishing site (hxxp://www.share724.com), shown in Figure 2, that was recently taken down. From our extensive experience with such scams, we suspect that the phishing site, when it was live, asked users for their Bank of America online account login and password in addition to other identifiable information.
Figure 2. - Link (hxxp://www.share724.com) from Bank of America Phishing email redirects to a web page that is suspected to be part of a phishing site.
Spam and phishing scam emails are running rampant through the Internet accounting for billions of messages sent every day. Even though some reports that indicate a sudden decline in global spam email volumes, each and every computer user should know how to identify potentially harmful emails. It is essential that you never relinquish personal information to anyone including a website that may 'appear' to be legitimate.
Have you ever seen an email similar to the Bank of America phishing message show in Figure 1 above? If so, did you mistakenly click on a link in the message? What happened after that?