New Bank of America Phishing Scheme Abuses Legit Websites

[Peaches]

New Bank of America Phishing Scheme Abuses Legit Websites

Compromised sites used as hosts and redirectors

Security researchers from Web security provider ScanSafe, which is now a subsidiary of Cisco, warn that the latest phishing scam targeting Bank of America customers is leveraging compromised legit websites. The technique is an attempt to evade reputation filters.

The rogue email message is properly spelled and well formulated. It attempts to trick potential victims by claiming that their bank account is locked due to repeated failed authentication attempts. Additionally, it threatens users that if they don't verify their account information by filling in a form, the account will be suspended indefinitely.

"Dear Bank of America Customer,

We recently have determined that different computers have logged in your Bank of America Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us. If this is not completed by July 31st, 2010, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. In order to confirm your Online Bank records, we may require some specific information from you.

To restore your account, please Sign in to Online Banking."

Full details here: http://news.softpedi...es-147956.shtml