Bank of America fraud attempt Heads Up

Discussion in 'other security issues & news' started by StevieO, Mar 15, 2006.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Got this today on Hotmail.


    The sender of this message, notice@Bankofamerica.CoM, could not be verified by Sender ID. Learn more about Sender ID.

    From : Bank Of America <notice@Bankofamerica.CoM>

    Subject : Account Blocked

    http://img89.imageshack.us/img89/9089/boa10bk.png

    Went to hxxps://www.bankofamerica.com/cgi-bin/ias/GotoReset

    http://img89.imageshack.us/img89/8757/boa23xw.png

    What's unusual, I find, is that the https from the official one is the exact same one which shows the error page!


    StevieO
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Here is an analysis of the email:

    "However, the link is the most interesting object here. It uses a weakness in the bankofamerica.com site. There is a page there, that would redirect to a URL passed to it. This enables scammers to form a link, which looks like it points to the legitimate site (and in fact, it does!), but passes the scam URL to the redirect page (practically pasting the scam link after the legit one). To make the phish URL unrecognizable, the scammers have encoded it. This way, the link is functional, but the scam URL is unreadable to a human inspection."

    Pretty clever!

    Opera flagged the Security Certificate.

    ---
     

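The redirect trick described in the quoted analysis can be checked for mechanically. The following is an added example, not part of the original thread or of the linked analysis: a Python check that decodes each query parameter of a link and reports any that hides an absolute URL on a different host. The hosts `www.bank.example` and `phish.invalid`, the `/cgi-bin/redirect` path and the `to` parameter are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_DECODE_ROUNDS = 5  # the hidden URL may be percent-encoded more than once

def fully_decode(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def same_site(host: str, outer: str) -> bool:
    """True if host is the visible host or one of its subdomains."""
    return host == outer or host.endswith("." + outer)

def embedded_redirects(link: str) -> list[tuple[str, str]]:
    """Return (parameter, foreign_host) for every query value that is itself
    an absolute URL pointing away from the host the link appears to visit."""
    outer = urlsplit(link)
    outer_host = (outer.hostname or "").lower()
    findings = []
    # parse_qsl decodes one layer; fully_decode removes any further layers.
    for name, raw in parse_qsl(outer.query, keep_blank_values=True):
        value = fully_decode(raw).strip()
        if value.startswith("//"):  # scheme-relative target
            value = outer.scheme + ":" + value
        try:
            inner = urlsplit(value)
            inner_host = (inner.hostname or "").lower()
        except ValueError:  # malformed value, not a usable URL
            continue
        if (inner.scheme in ("http", "https") and inner_host
                and not same_site(inner_host, outer_host)):
            findings.append((name, inner_host))
    return findings

# Constructed samples. ENCODED is "http://phish.invalid/login" with every
# character percent-encoded, so a reader sees only the bank's host name.
ENCODED = ("%68%74%74%70%3A%2F%2F%70%68%69%73%68%2E%69%6E%76%61%6C%69%64"
           "%2F%6C%6F%67%69%6E")
BASE = "https://www.bank.example/cgi-bin/redirect?to="
SAMPLE_PHISH = BASE + ENCODED
SAMPLE_DOUBLE = BASE + ENCODED.replace("%", "%25")  # encoded twice
SAMPLE_BENIGN = BASE + "%2Faccounts%2Fsummary"       # local path only

if __name__ == "__main__":
    for s in (SAMPLE_PHISH, SAMPLE_DOUBLE, SAMPLE_BENIGN):
        print(embedded_redirects(s), s[:60])
```

On the site side, the corresponding fix is for the redirect page to accept only local paths or an allow-list of destination hosts.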

  3. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi Rmus,

    Does this mean that they've started up again an exploit that's been dormant for a while, as the link shows the one on there from last year?

    Thanks for the explanation and info/link.


    StevieO
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hello, StevieO,

    I don't know - I was also surprised to see last year's date.
     