Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Analysis of an online phishing attack targeting Bank of America customers

The attack begins with a message that comes from a spoofed “Bank of America” sender (such as: [email protected], or [email protected]). See sample below (note the very advanced date):

The attached file, BillingVerification.exe, is a self-extracting archive which contains and automatically loads an html page in the recipient’s browser. The file saved on the local drive is:


The loaded page imitates the real Bank of America site by using images and logos sourced from the original site. The fake page also gets its stylesheet from the original site to make sure it more closely resembles the real site (see HTML below):

For your convenience – spot the differences between the real and phishing Bank of America pages below:

1. Original Page

2. Fake Page

The phishing page requires the usual personal information including account and online information as follows:

When submitting the page (after filling out all the required information), users will no doubt be surprised at the result – the next page to load will be: hxxp://, (not really related to the Bank of America).

The email attachment is detected as HTML/Bankish.NZ by Command Antivirus.

Keep your online accounts safe.


You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...