Phishing Scam Attacks Users of BoA Digital Certificates

A new phishing scam targets customers of the Bank of America Direct Digital Certificate program. 'Bank of America Direct' is a full-service, Internet-based system that firms choose for handling their business activities.

To access this system, end users need an authorized digital certificate, which BoA issues for installation in the Web browser. This, however, gives phishers an interest in gaining access to users' 'Direct' accounts with BoA.

Unfortunately, BoA has created a situation in which phishers can obtain both the certificates and the user credentials by building an attack around the BoA Direct Digital Certificate Pick-up website.

This site permits an owner of the certificate to re-download it by entering his company ID, username and password.

On June 1, 2009, fraudsters began sending unsolicited phishing e-mails to target users in the name of Bank of America. The e-mails say either that the recipient's Digital Certificate for his BoA Direct Internet account has expired, or that the Bank has released an updated edition of the BoA Customer Form.

The fraudulent e-mail also provides a specially crafted URL that the user is directed to click. The BoA Direct Digital Certificate program phishing site then asks the user to follow the steps it outlines in detail.

This site displays a 'CONTINUE' button, which presents a fake copy of the BoA Customer Form for acquiring the digital certificate. If this form is filled in correctly, two things happen. First, the user's account is compromised, as the phishers now have the complete login information from the certificate-requesting form.

Second, rather than being offered the certificate to download, the victim receives a file named 9129837.exe, which is actually an information-stealing Trojan.

Meanwhile, to give the e-mail an appearance of authenticity, the phishers included a statement saying that, since the e-mail isn't a form itself, the recipient should not reply to it.

BoA therefore advises its 'Direct' users to remain cautious and to verify the bank's e-mail-based requests by telephone.


» SPAMfighter News - 6/9/2009
