Phishers Attacked Comerica Bank Users with Fake E-mail
A financial services company headquartered in Dallas, Comerica, disclosed on January 22, 2009 that it received several phishing spam mails aiming to steal details and token codes of Comerica users.
The phishing mail contained the subject line, "Comerica Bank customer service: important security update", and the "From" section of the mail contained address "firstname.lastname@example.org".
The text of the mail was addressed to the bank's customer and said that he/she had got this alert message, as he/she had been chosen to be a Comerica Business Connect user.
Further, the mail revealed that the Bank wished to inform the user that they are currently undertaking scheduled maintenance of banking software, which operates customers' database for users of Comerica Business Connect. Since customer database is based on client-server protocol, the Bank requires customer's involvement in the updating program to finish the procedure.
Thus, the customers of Comerica Business Connect have to fill a Comerica Business Connect form. For using the form, the mail has an attached link which needs to be clicked. Moreover, the link says that the mail text is different for every user and expires after a certain time period.
But if the user does not fill the Comerica Business Connect form before the expiry time period, the updation system will automatically send a notification message.
Security experts also added that in the end, the mail thanks the users for their cooperation and also apologizes for any problem because of the mail. But on clicking the link, a well made URL located in Belgian domainspace is opened.
In addition, the Bank also advises the users not to click on the attached link as by doing so their system can install a virus or spyware. Security experts also recommend users to see the Protection Page for more details on what measures they should take to fight against the scam.
In fact, this is one of the phishing scams that have targeted Comerica Bank recently as the last scam was reported during April 2008. In this scam, the users got the mails directing them to verify their own selves by accessing digital certificates at Comerica Bank.
Related article: Phishers Expand Their Sphere of Attacks
» SPAMfighter News - 07-02-2009