3 min read

Bank of America on Short List of Scammers' Spam Lures

Loredana BOTEZATU

March 15, 2013

Bank of America on Short List of Scammers' Spam Lures

The dust has barely set on the Bank of America security breach, and crooks unleashed a series of aggressive spam campaigns that include the Bank of America in the title as bait.

In the context of a security breach, the name of the bank was used to catch customers’ attention, infect them with malware, have them type in sensitive data or entice them into sending money in advance for a service they will never receive.

“Online Banking Passcode Modified” invites people to click a link to reset their online banking passcode. The same template and con is entirely recycled from a similar attack in November 2012. This new spamvertised malware campaign attempts to get Bank of America customers to click a link to a webpage associated with the Redkit Exploit Kit – a crimeware tool that exploits vulnerabilities in browsers and plugins to silently infect victims’ PCs.

“Bank of America Corporate Office Headquarters” and the very recent “Payment Notification from Bank of America” spam campaigns are examples of a complicated Nigerian-like scam informing customers that their funds will be transferred to the United States Treasury Account. To have the money transferred back, the customer needs a DIPLOMATIC IMMUNITY SEAL OF TRANSFER (DIST) that costs $750. The money can be sent via WESTERN UNION or MONEY GRAM, which are untraceable payment mechanisms through which the attacker can get the money just by telling the teller the transaction number or by showing ID.

“Bank of America Alert: Suspicious Activities on your Account!” and “Bank of America Alert: Sign-in to Online Banking Locked” lure customers to a phishing page by suggesting they click a link and confirm their banking details as a security measure against alleged suspicious activity detected in their accounts. Once users type in the sensitive data, they share that information with crooks that can later use it for fraud and impersonation schemes.

Reminder: Bank of America Customer Survey” is another active scam that invites customers to participate in a survey on their personal experience using the bank’s accounts. As a (laughably useless) safety measure users who want to access the survey are invited “to simply click the link below, or manually copy and paste the address into your web browser”. The survey is just an excuse to phish for personal data.

Bank of America has been recycled in spammed scams since 2006 and used multiple times a year, for more or less the same results: steal card and identity information, infect people with malware, and unwarily recruit them into money-muling operations.

This article is based on spam samples provided courtesy of Bitdefender anti-spam team and the technical information provided by Doina Cosovan, Bitdefender Virus Analyst.

Note: All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read