Malwarebytes Warns - Scammers Targeting Bank of America

HELP NET SECURITY published a report on 21st March, 2015 quoting a warning of Chris Boyd, Security Researcher of security firm Malwarebytes, as "phishers are yet again targeting customers of Bank of America (BoA).

The fake email emulating the bank, with its headquarter in Charlotte, North Carolina, (US), informs the recipient that their net-banking facility has been deactivated because of doubtful activity.

The link enclosed in the email leads to a webpage that contains instructions about the verification of your account information.

Users having more knowledge might find it suspicious as the URL of the page has no link with BoA but others will certainly download and open attached file to verify.

When they open the file, they will be directed to a phishing site (at Alertfb(dot)pw/site/IrregularActivityFile(dot)html) where they are tricked to submit personal information as requested by this page. The page collects useful information like Online ID and password, social security number, name, email address with password, date-of-birth, driving license number, etc. Moreover, the user has to answer three security questions and submit payment information or address to complete the form.

Banks already have access to all these important details and would never ask these online. Moreover, the verification process does not require card details because the card is issued by the bank itself and linked with information of the client; also, credentials of email have nothing to do with the procedure of checking someone's identity by the bank.

The researcher figure out that some pictures on the website are wrecked which is also alarming.

Some web browsers have by now identified the phishing website and singled it out as such so that users are prevented to access it.

There will be more updates from different browsers also in due course of time but as of now, you have to be careful about clicking on any link and two URLs appear in an unsolicited email.

The security firm recommends that if you fell for such tricks like this, then contact your bank immediately and give them the desired details so that they can block any illegal transactions as soon as possible, change the details which can be altered (security questions) and issue you a new payment card.

» SPAMfighter News - 4/1/2015