The scheme is well designed, but there are some clues that give away its true purpose

Apr 23, 2012 08:06 GMT

Bank of America customers should be on the lookout these days for a cleverly designed phishing scam that tries to dupe them into handing over their online banking credentials, along with other sensitive information.

Hoax Slayer provided a variant of the scam. It comes with the subject “Bank of America Warning : Error Statement” and it urges recipients to perform a “general account update.”

The Sign In links contained in the notification all point to a Bank of America replica site where users are urged to provide banking login details. Once the victim has logged in, the so-called verification process starts, and the victim is asked to enter other sensitive information that the fraudsters can use to perform illegal activities.

The email and the websites seem very well designed from a visual point of view and anyone could easily fall into the trap set by the cybercriminals if they are not careful.

In these types of situations, where there aren’t any visual telltale signs, other elements can give away the notification’s true purpose. For instance, scammers address the recipients with “Valued Customer,” or “Dear Sir/Mam” and rarely by their name.

The legitimate financial institution would surely know the name of the individual they are contacting.

Furthermore, on careful analysis, all the links in the scam emails point to websites other than Bank of America's legitimate one. Even if other banks are involved, the rule is the same: all links must point to the official site and not to some shady domain that merely resembles it.
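The two checks described above (generic greeting, links that leave the official site) can be automated when triaging a reported message. The following is an added example, not part of the original article: it assumes `bankofamerica.com` as the official domain, and the sample message and its `.example` hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the bank's official domain (the article does not spell it out).
OFFICIAL_DOMAIN = "bankofamerica.com"
GENERIC_GREETINGS = re.compile(r"\b(valued customer|dear sir/mam)\b", re.I)

# Constructed sample message (not the real scam email); .example hosts are placeholders.
SAMPLE = """<p>Dear Valued Customer,</p>
<p>Please perform a general account update.</p>
<a href="http://bankofamerica.com.account-update.example/signin">Sign In</a>
<a href="http://www.bankofamerica.com@login.example/">www.bankofamerica.com</a>
<a href="https://www.bankofamerica.com/privacy/">Privacy</a>"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(url, official=OFFICIAL_DOMAIN):
    """True only if the real host is the official domain or one of its subdomains."""
    # .hostname drops any "user@" prefix, so "bank.com@other.example" yields other.example
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == official or host.endswith("." + official)

def review_email(html_body):
    """Return findings for the two tell-tale signs: greeting and link targets."""
    findings = ["generic greeting"] if GENERIC_GREETINGS.search(html_body) else []
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        if not is_official(href):
            findings.append(f"off-domain link: {text!r} -> {urlsplit(href).hostname}")
    return findings
```

Matching on the parsed hostname rather than searching the URL string is what catches the two lookalike forms in the sample: the bank's name used as a subdomain prefix, and the bank's name placed before an `@` in the address.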

Another important thing to remember is that banks never ask customers to give away their passwords, ATM PINs, credit card numbers, expiry dates, and other information that’s needed to make online payments and transactions.