Evil phishing attacks

Today I got a phishing email trying to bait me into logging in on "Bank of America". Nothing out of the ordinary... But the scary part is, the bogus log-in link actually had the correct (apparent) URL, www.bankofamerica.com, when I hovered the mouse over it.

Now, I can generally trust myself to recognize phishing emails (or so I like to believe). But I do not like the idea that someone could spoof an innocuous looking address, and thereby fool me into clicking on an at best malicious or at worst illegal link. How can I protect myself against that sort of exploit?

(Seamonkey 2.0.4 FWIW, on Windows XP SP3, LUA + SRP)

 

I'm thinking less about phishing than something like this (for example):

- New Wilders member posts a link that apparently goes to an independent firewall test.
- However, said link is actually to a Google search for something very illegal; the URL is spoofed so it looks like it goes to a legit web page.
- People click on the link. Needless to say they pretty quickly realize they've been duped, but by then the packets have already been transmitted, and the police and FBI are (wrongly) on their case.
- By the time the authorities have figured out what happened, people have lost their jobs and maybe even wound up in jail.

Lest you think this ridiculous, I've seen forums where similar stuff has happened courtesy of e.g. TinyURL. Granted that a smart user won't click on an unidentified TinyURL link or whatever, URL spoofing of the kind I suspect here would make that more difficult to detect.

 

Meanwhile, the plot thickens...

Viewing the email as text only shows that the link does in fact go where it's supposed to. Supposedly, anyway. The URL is click.emcom.bankofamerica.com, which according to some searching may be legit, and does seem to be in BoA's domain.

Maybe the phishers have figured out a way to spoof GMail itself somehow? Or perhaps it's DNS cache poisoning on my ISP's end, in which case I could be in hot water.

The other possibility, of course, is that someone at BoA just got the brilliant idea of sending spam-liked emails with suspiciously repeated "Sign In" links to the bank's clients. This is the simplest answer, but somehow I strongly doubt it to be the case.

 

@Gullible Jones

Not quite sure what's going on with that link, but even with scripting and cookies enabled in FF, all i see is this



Completely white page except for that, and nothing after 5 secs, and the Go to your link doesn't work as it's not a real link ?

 

Hmm me too now. Though IIRC it was followed by an index.php and tons of gibberish.

Oh one more thing! Now that I think about it, the original link was certainly phishing - I tried opening it up (sandboxed), and it was HTTP... The real BoA site is HTTPS straight off the bat.

 

More info here http://www.dslreports.com/forum/r21696542-Phish-New-phis-for-BoA

http://answers.yahoo.com/question/index?qid=20080717112229AASbzaX

Some of it conflicting i'm afraid

Might be a good idea to phone the bank and ask about the link/s and email. You could always change your PW for now, just in case.

 

It wasn't the W-9 form one... It was something about a monthly statement by email, which I hadn't asked for and hadn't received before. And it had numerous links supposedly going to the sign-in page of BoA's website, which is why I think it was phishing - BoA is not supposed to do that, ever.

 

Without seeing the actual email and/or the HTML code, all is speculation.


----
rich

 

Hi

I get Fake Bank Emails all the time
Think I've probably had one from just about every British bank in existence.
Some of them have extremely convincing email address
So!
How do I know they are Fake?
Coz...
Lucky for me ( Sort Of! ) I don't have any money

I've Just Learnt To...
1) Stick um in the Spam Bin
2) Delete Them
3) Forget about it

Zeena

 

Phishing emails from "banks" are quite common ... as Ronjor pointed out, most if not all banks make the point that they'll never contact you by email except, in some rare cases, for promotional offers.

Probably the funniest thing about them is that the vast majority of them are supposedly from banks I know darned well I've never done business with, and there's no question about trashing those. In rare cases I'll get one that looks to be from my real bank, and I'll forward those to their security people since whoever's sending them seems familiar with details of the bank's procedures and departments.

 

With tools like Prevx SafeOnline or Trusteer Rapport which both can protect against so called "Man in the Middle" attacks.

Exactly, I don´t trust these kind of emails anyways, so I don´t even need no "baby sitting" tools that protect against Phishing and Pharming.

 

In my email I have got a lot of phishing mails from World of Warcraft account ( I dont have something like that). Just dont read and delete it.