a really good PHISHING email pretending to be from bank of america

[vibebob]

I'm usually good at sniffing these out but this one looks really good so I thought I'd pass it along. I called Bank of America to make them aware and they said it is just starting to make the rounds as BoA. BoA, like all financial institutions will NEVER SEND EMAIL OR CALL asking for personal information. If you get one, delete it and call your bank or CC and you'll find out it is phishing.note the email link as bankofamerica.com , this is usually the first sign it isn't ligit, but this one is spelled correclty. the only catch is the /state.cgi?section=signin&update at the end and is the only thing that looks out of placehere is the email:Bank Of America Online® Department Notice You have received this email because you or someone had used your account from different locations. For security purpose, we are required to open an investigation into this matter. In order to safeguard your account, we require that you confirm your banking details. To help speed up this process, please access the following link so we can complete the verification of your Bank Of America Online® Banking Account registration information : http://www.bankofamerica.com/s...pdatePlease Note: If we do no receive the appropriate account verification within 48 hours, then we will assume this Bank Of America account is fraudulent and will be suspended. The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community. We appreciate your support and understanding and thank you for your prompt attention to this matter. Regards,Bank Of America - Bank Of America Online® Banking Department Please do not reply to this email as this is only a notification. Mail sent to this address cannot be answered. Bank of America, N.A. Member FDIC. Equal Housing Lender © 2007 Bank of America Corporation. All rights reserved.

[zionzr2]

Thanks for the heads up!Those Phishers are getting craftier and craftier we must keep Vigilant

[scott_h]

I think I've gotten the same one several times over the last 6 months or so. I'm pretty confident it was a fraudulent message since I've never done business with them. I've gotten a lot of them from PayPayl and eBay too. They look very authentic - I can see why unsuspecting people fall for it. I always forward them to the "supposed" company's fraud department.

[Jahntassa]

Don't know what it is for BoA, but for ebay/paypal, just forward the emails to:spoof@ebay.comspoof@paypal.comThey'll send a reply stating if it's 'official' or not. So far, i've never run into one that was official...

[AKLGT]

i had one from chase manhattan send me something... too bad i don't have a chase card or any account with them!

[808 Vibes]

Yes, I had one that was made to look like it was from eBay. NEVER, EVER give PASSWORDS or other personal info in an email, or on the phone! Be careful, everyone!

[northvibe]

ah yes i think i got that one. They can easily spoof the "From" email to look just exactly like the real bank of america or whatever they are trying to spoof but if you reply it would go to their email... Many emails tell you not to give out passwords etc. but have a link in the email to log in and update or change your password, this is a trick to get you to log into their fake website and get your user/pass so be careful!

[silver_vibe]

Quote, originally posted by vibebob »...http://www.bankofamerica.com/state.cgi? ... ate...imho - I don't think the true link in the email you got is to that name. It probably is something like this: http://www.bankofamerica.com/where the display says bankofamerica correctly spelled, but the actual link is to something different.There are some internet scams now that link as I described, and then the bogus page you really go to executes some code the rewrites the address bar to what you expected to see...scary.

[ColonelPanic]

Quote, originally posted by silver_vibe »imho - I don't think the true link in the email you got is to that name. It probably is something like this: http://www.bankofamerica.com/where the display says bankofamerica correctly spelled, but the actual link is to something different.That's gotta be what it is... I clicked the link for Bank Of America and it goes right to the proper domain, also ran the fraud check that Opera 9.10 has and everything came up clear.There's no reason that I can think of that a scammer would want you to go directly to the actual site and not theirs where they can steal your info... They'd have nothing to gain by that.

Attached files

[silver_vibe]

Quote, originally posted by joatmon » if you suspect that a certain URL is a link to a phishing site, a virus or spyware, illegal, or anything else that people should not click on, then it seems like general courtesy to not post the suspected link. While most of us should be smart enough to not click on it, someone might, so it would probably be good to edit the post to either remove the link, or have it link to somewhere safeSorry, I should have clarified what I did...the link text I posted says Bank of America but if you click it, it goes to Wells Fargo. I was demonstrating that just because links appear to be spelled correctly, you don't know for sure where they go and they may still be malicious. EDIT: Oops, I just realized you were replying to vibebob and not me.

[scott_h]

Quote, originally posted by northvibe »They can easily spoof the "From" email to look just exactly like the real bank of america or whatever they are trying to spoof but if you reply it would go to their email... Nearly anyone using a non-web browser could do that. In Outlook for example, you enter your display name - typycally you would put in First Last. That is the name that displays as the sender when you send an email. But that is just a free text field - you can type anything you want. I could put bill.gates@microsoft.com in mine, and it would work fine. If they reply, then it would send to my actual email address, not the text field for the person's "name" (which I made LOOK like an email address, even though it wasn't). As someone else mentioned, anyone with minimal HTML knowledge can "trick" with a web address. When you code in HTML, you type the actual URL and also a text description that doesn't "mean" anything. If you make the text description a URL for a legitimate company, you can code the actual URL to go to your own site. Both are extremely easy to do without learning how to "spoof".Any time I get an email from a company with financial ties, I manually log into my account, NOT using the link from the email. If they need me to do something, it will say in my account page(s) - even if I don't link from the email.

[joatmon]

Quote, originally posted by silver_vibe »EDIT: Oops, I just realized you were replying to vibebob and not me.my comment was a general thing, noit directed at anyone. I did not think that the links posted in this thread would take an unwary clicker to some malicious site, they seemed reasonable to me, but it was a general comment.like, it would be bad to post something like if you go to http://some.hacker.site.com it auto loads a drive wiping virus, so don't go there!but I thought that all of the links in this thread so far had been deliberately written to link to safe sites (or as safe as any )sorry for the confusion, wasn't accusing or chastising anyone

[vibebob]

sorry for the gaff. What really threw me with this phishing is that I had used MBNA shop safe to order something over the internet this past weekend and then I get the email.

[joatmon]

a year went by...................................Today I got two phish emails. The interesting thing about them is that they were both to the email address I posted here for MotM, and this is the only place that I posted that email, so the word of caution is not to post an email address here, or anywhere on the publicly viewable intrawebs, unless you are willing to get spam and other less innocent emails at that accountThe links in the emails were both to the same .com website. I forwarded the original emails to reportphishing@antiphishing.org. Here are the two emails (with only simulated links)Quote, originally posted by "Account Information Update" »Dear USF F.C.U. Customer,Due to our last days online problems, many phishing attempts and identity-theft, we need to verify our members accounts information. This security method is intended to help you protect yourself and your accounts from internet fraud. We are sorry for any inconvenience caused by our online servers, but we require you to update your profile as soon as possible by clicking on the following link:Click here to validate your accountBy completing our online form your are in accordance with our Terms of Agreement and your online access will be continued as normal. Thank you for taking your time!Sincerely,USF F.C.U. System Security Dept. Manager,Joseph Scott.Please do not reply to this notification email as it will not be reviewed.Copyright USF F.C.U. System, 2007Quote, originally posted by "Your MasterCard Credit Card Status = Declined !" »Dear MasterCard Member,For the User Agreement, Section 9, MasterCard may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your Credit Card and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. Our terms and conditions you agreed to state that your service must always be under your control or those you designate all times. We have noticed some unusual activity related to your service that indicates that other parties may have access and or control of your MasterCard Credit Card. We recently noticed one or more attempts to log in to your MasterCard Credit Card service from a foreign IP addressIf you recently accessed your service while traveling, the unusual log in attempts may have been initiated by you. However, if you did not initiate the logins, please visit The Farmers Bank homepage as soon as possible to restore your account status.The log in attempt was made from - ISP host : c-64-154-34-134.hsfgd1.il.comcast.netTo restore your Credit Card status please click here or click on the link below:https://some official looking mastercard url/update.htmThank you for your prompt attention to this problem. Review Team apologize for any inconvenience. This is a security measure meant to protect you and your account.Regards,MasterCard Security Team.

[Whelan]

I'll keep an eye out for these. Typically if I get something like that, first thing I do is go online and check my accounts, cause they would have already been affected had they sent me notice.