Phishing And Malware Campaigns Aim At Boa’s Military Bank Customers

BitDefender the anti-virus company based in Romania has cautioned that a new phishing scam accompanied with another, distributing malware, is attacking US military personnel who saved personal incomes into their accounts created at Bank of America (BOA).

The BOA's Military Bank reportedly, gives solutions for specific financial problems of current as also retired military staff along with government employees and veterans.

Warns BitDefender, online crooks are dispatching fraudulent e-mails that take customers of the Military Bank onto a phishing or spoofed website.

And while the unwanted e-mail lures military staff, it presents a notification to the recipients regarding a vital account update exercise and directs that they must click a link that, however, takes them onto a so-called online form.

Specifically, the fake message tells the recipient that his BOA Military Bank Account needs to be updated therefore he must click a web-link provided in the e-mail. Softpedia published this on September 7, 2010.

Indeed, users, who land on the web-page obtained from the link, soon realize that the page doesn't relate to financial institution, rather is simply a deception designed to make soldiers give up their credentials to scammers through a script named 'account.php.'

Moreover, if users overlook the non-existent SSL security features while trying to login through the phishing site they'll find that their credentials for Internet banking are pilfered.

That's not all. After being cheated off personal login information, users who remain unwary are likely to find that they're diverted onto another web-page that tells them that they must take down and load an .exe file representing a supposed tool for update that, however, is Trojan Bredolab.

Bredolab has caused many calamities, yet the two highly destructive impacts it caused on computer activity were system spying and scareware installation.

Meanwhile, a cyber-attack targeting the Military Bank users isn't something new. During 2007 and previously too, scams of similar kind had been detected.

Hence, it's strictly advisable that users install an anti-virus solution that's up-to-date, look for the SSL security feature while logging into sensitive websites as well as report any e-mail warning pertaining to their accounts to the respective bank.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 9/15/2010