You check your email only to find that your account at Bank of America has some “issues” and the only way to resolve them is to log in to your account (even if you don’t have one) and check your alerts. Seems odd, doesn’t it?
I don’t even have an account at that bank and that was my first red flag. The email looks like it was put together by a 12-year-old and the links do not lead to the destination that they claim. Let’s take a look at this disturbing phishing hack.
First take a look at the title of the email: Bank of America Alert [Virus: Heuristics.Phishing.Email.SSL-Spoof]
The title mentions several unrelated topics because the email itself says that you have had too many failed login attempts. Sure, someone could be using a brute force hack to gain access to your account, but that has nothing to do with a virus, heuristics or an SSL spoof. In fact, the email itself is a spoof as it is not from Bank of America. Furthermore, a brute force attack would only be allowed to attempt a login no more than 3 times before a security measure would be implemented.
Now let’s take a look at the body of the email. The following is a word-for-word copy of what the phisher sent to me and has not been changed. DO NOT CLICK THE LINKS because they are fake:
*start phishing email*
Notification: Re-Enroll your Account Information
For your security, access to On-line Banking has been locked because the number of attempts to sign in exceeded the number allowed. To regain access to your on line banking, Please visit
https://sitekey.bankofamerica.com/cgi-bin/sas/enrollWithDebitCard.do?state and update your information.
Your security is important to us. If you are not aware of this situation, please contact us immediately at 1.800.933.6262.
This alert relates to your On-line Banking profile, rather than a particular account. The account listed here is for verification purposes only.
What do i need to know:
Want to confirm this email is from Bank of America? Sign in to
On-line Banking and go to Alerts. The Alerts History lists the
Alerts sent to you in the past 60 days.
Want to get more alerts? Sign in to your on-line banking account at Bank of America and within the Accounts Overview page select the “Alerts” tab.
Because email is not a secure form of communication, please do not reply to this email.
If you have any questions about your account or need assistance, please call the phone number on your statement or go to Contact Us at www.bankofamerica.com.
*end phishing email*
There were also pictures included that looked like official Bank of America content, but something was strange about the links and text content. When you mouse over a link you should be able to see the destination of that link in your browser’s status bar along the bottom of your screen. Since I have simply copied and pasted the content here, you may not be able to see the HTML code that was included in the email. For example, when you mouse over the “Bank of America” link and look at your status bar, a completely different link is revealed. The link revealed in the status bar was this one:
Bank of America is now promoting inexpensive wedding ideas? I don’t think so. This was an obvious red flag, as a financial institution does not promote other companies as far as I know. At this point I did click on the link and it led me to a page that looked like an official login page for Bank of America, but it did not load completely. The text was in place but the pictures would not show up or load properly. The hacker had included links to the pictures from his local machine, and any web programmer worth his salt knows that outside connections are not able to access files from the local drive on which they reside. Therefore, the pictures show a placeholder with a red X that denotes the file did not or could not load. Right clicking on the placeholder and selecting “load picture” produces the same result. I did this in order to make sure there were no network problems on the first attempt to load the pictures.
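The two tells described above (a link whose visible text names one site while its real destination is another, and images that point at the sender’s own local drive) can be checked automatically instead of by mousing over each link. The script below is an added example written for this post, not code from the original article or from Bank of America; it parses a constructed HTML email body modelled on the message quoted above and reports both kinds of mismatch. The hostnames, paths and file names in the sample are made up for illustration, and the “base domain” helper simply takes the last two labels, which is good enough for a demonstration but not a substitute for a public suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample HTML email body (not the real message): the first link's
# visible text claims to be the bankofamerica.com enrollment page, but its href
# goes somewhere else; the first image is loaded from a local Windows path.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>To regain access to your on line banking, Please visit
<a href="http://cheap-wedding-ideas.example/login.php">https://sitekey.bankofamerica.com/cgi-bin/sas/enrollWithDebitCard.do</a>
and update your information.</p>
<p>Go to <a href="https://www.bankofamerica.com/">Contact Us at www.bankofamerica.com</a>.</p>
<p><a href="http://cheap-wedding-ideas.example/alerts.php">Sign in to On-line Banking</a></p>
<img src="file:///C:/Users/Sender/Desktop/boa_logo.gif" alt="Bank of America">
<img src="https://www.bankofamerica.com/logo.gif" alt="logo">
</body></html>
"""

# Image sources that can only resolve on the sender's own machine:
# file: URLs, drive-letter paths (C:\ or C:/) and UNC paths (\\server\share).
LOCAL_SRC = re.compile(r"^(file:|[A-Za-z]:[\\/]|\\\\)", re.IGNORECASE)

# A hostname-looking token inside the visible link text, e.g. www.bankofamerica.com
HOST_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")


def base_domain(host):
    """Last two labels of a hostname (toy registrable-domain approximation)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


class EmailLinkAuditor(HTMLParser):
    """Collects every <a href> with its visible text, and every <img src>."""

    def __init__(self):
        super().__init__()
        self.links = []     # list of (href, visible text)
        self.images = []    # list of src values
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href = attrs.get("href", "")
            self._text = []
        elif tag == "img":
            self.images.append(attrs.get("src", ""))

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_email(html):
    """Return the links and images a reader should distrust.

    mismatched_links: visible text names one domain, href points at another.
    opaque_links:     visible text names no domain at all ("Sign in here"), so
                      only the real href (what the status bar shows) can be judged.
    local_images:     image sources that point at the sender's local drive.
    """
    parser = EmailLinkAuditor()
    parser.feed(html)
    mismatched, opaque = [], []
    for href, text in parser.links:
        shown = HOST_IN_TEXT.search(text.lower())
        real_host = urlparse(href).hostname or ""
        if shown is None:
            opaque.append((href, text))
        elif base_domain(shown.group(0)) != base_domain(real_host):
            mismatched.append((href, shown.group(0)))
    local_images = [src for src in parser.images if LOCAL_SRC.match(src)]
    return {
        "mismatched_links": mismatched,
        "opaque_links": opaque,
        "local_images": local_images,
    }


if __name__ == "__main__":
    for kind, findings in audit_email(SAMPLE_EMAIL_HTML).items():
        print(kind)
        for item in findings:
            print("   ", item)
```

Run against the sample, the first link is reported as mismatched (the text claims sitekey.bankofamerica.com, the href goes to cheap-wedding-ideas.example), the “Contact Us” link passes because both sides resolve to bankofamerica.com, the “Sign in to On-line Banking” link is listed as opaque because nothing in its text says where it goes, and the file:// logo is reported as a local image. A real mail filter would go further (a public suffix list, punycode and look-alike domains, redirectors), but the check itself is the same one the post performs by hand with the status bar.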
I sent a copy of this email to my email host, Bank of America and the authorities so they might investigate further and catch the criminals attempting to get your private banking information. If they get access to your account they can withdraw, transfer or otherwise empty your account. Always double check your login page address and make sure that it is the official site. If it is not the official site, report it immediately so that this kind of illegal activity can be stopped. If we make things hard on the people trying to perform illegal activities, perhaps eventually they will give up and get a real job like the rest of us.
If you have encountered an email or notification of this kind leave me a comment below and let everyone who reads this have a chance to identify and report illegal activity like this.