Bank of America Customers Targeted by Obvious Phishing

Status
Not open for further replies.

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
A fresh operation recently detected by security researchers aims at stealing sensitive financial information from the clients of Bank of America, but the amount of data demanded from the potential victim is bound to ring the alarm.

Too much information
A web page impersonating the bank’s site has been set up by the crooks, claiming that online banking information needs to be verified in order to re-activate the allegedly suspended account.

The user is instructed to download a file to complete the task, but pushing the button redirects to a different website, which contains forms for collecting the confidential details.

This behavior should raise suspicions from the get-go, but if the process is continued, the fact that all the data necessary for securing the account is requested should be reason enough to abandon the task.

Christopher Boyd from Malwarebytes says that the crooks ask for the username and password of the banking account, name, date of birth, social security number, driver’s license number, as well as the credentials for the email account.

Card data also requested, some images on the site are broken
“That’s not all,” he says in a blog post, “there’s also 3 security questions and payment information / address to complete the carefully laid out steps.”

Payment information includes CVV (card verification value), card number and its expiration date, all sufficient for making fraudulent purchases at most online shops.

Basically, all the info for taking over the account or attempting to do so is expected by the crooks.

Banks already have all these details and would not run these checks online. Moreover, the verification procedure does not ask for card data, since this is issued by the bank itself and associated with client information; also, email credentials have absolutely no role in a bank's checking someone's identity.

The researcher points out that some of the images on the website are broken, also a reason for alarm, and that none of the URLs look similar to those of Bank of America.

Some of the web browsers have already picked up the phishing website and flag it as such, in order to prevent users from accessing it.
 
  • Like
Reactions: tallorder
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top