Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Bank of America Hit With Fresh Phishing Assault

Sophos the security company reports that one fresh phishing assault posing as communication from BOA (Bank of America) is presently spreading online and attempting at conning innocent clients visiting the bank's website.

The assault, which involves fake e-mails, reportedly loads one PC Trojan onto the victims' computers.

However, different from conventional phishing e-mails that canvass web-links leading onto a spoofed site alternatively contain an HTML file attached, to say the least, the recent assault uses a file attachment named BillingVerification.exe, reports Sophos.

Moreover, the particular .exe file automatically extracts itself while installing one within C:\bankofamerica\verification\BillingVerification.html as well as opening it through a Web-browser available by default.

After this, the host HTML exhibits one bogus web-page apparently verifying a BOA account wherein the page produces an online form to be completed with personal information along with Internet banking and account particulars.

Sadly, inputting this information followed with hitting the submit button essentially transmits the entire data off onto one remote Internet site.

Elaborating on the above phishing assault, Principal Virus Researcher Fraser Howard at Sophos stated that after the remote website was investigated, researchers found that certain lawful website hosted the form-harvesting code. Also, the configuration of the local directory was inadequately done, while directory browsing was turned on. Therefore, the folder's content became widely visible that comprised the credential database, which was effectively harvested hitherto, Howard explained. Nakedsecurity.sophos.com published this on February 2, 2011.

Howard further stated that the latest attack was thus an alarm for every end-user. Even attacks that were most lame would usually have success, so deceiving unwary recipients that they'd believe the tactics related to social engineering. Consequently, they'd be endangered with contaminating themselves as also divulging sensitive information, the researcher added.

States Sophos that users affected with the scam have been got in touch with as also every feasible measure for blocking the attack has been adopted. Meanwhile, SophosLabs advises users for keeping themselves distanced from such malicious campaigns and never enter personal information into their phishing websites.

Eventually, users need to also deploy an up-to-date security program such as anti-phishing software for checking attacks.

Related article: Bank Issues Spam Alerts

ยป SPAMfighter News - 09-02-2011

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next