
Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Analysis of an online phishing attack targeting Bank of America customers

The attack begins with a message that comes from a spoofed “Bank of America” sender (such as: [email protected], or [email protected]). See sample below (note the very advanced date):

The attached file, BillingVerification.exe, is a self-extracting archive that contains an HTML page and automatically loads it in the recipient’s browser. The file saved on the local drive is:

C:bankofamericaverificationBillingVerification.html

The loaded page imitates the real Bank of America site by using images and logos sourced from the original site. It also loads its stylesheet from the original site so that it resembles the real site more closely (see HTML below):

For your convenience – spot the differences between the real and phishing Bank of America pages below:

1. Original Page

2. Fake Page

The phishing page requires the usual personal information including account and online information as follows:

When the page is submitted (after all the required information has been filled in), users will no doubt be surprised at the result: the next page to load is hxxp://www.yourtinywaist.com (not really related to Bank of America).

The email attachment is detected as HTML/Bankish.NZ by Command Antivirus.
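The trait described above, a page that borrows the real site's stylesheet and images while collecting account details, can be checked for statically. The following heuristic is an example added here, not Cyren's or Command Antivirus's detection logic; the brand domain list, the password-field condition, the form action host, the asset URLs and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

BRAND_DOMAINS = ("bankofamerica.com",)  # assumption: domains the brand owns

def on_brand(url):
    """True only for the brand's own hosts, not lookalikes such as brand.com.evil.example."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

class PageScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.brand_assets = []   # stylesheets/images pulled from the brand
        self.form_actions = []   # raw action attribute of every form
        self.has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = ""
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            url = a.get("href") or ""
        elif tag == "img":
            url = a.get("src") or ""
        if url and on_brand(url):
            self.brand_assets.append(url)
        if tag == "form":
            self.form_actions.append(a.get("action") or "")
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def looks_like_brand_clone(html, page_url):
    """Flag a page outside the brand's domains that hotlinks brand assets,
    asks for a password, and submits the form somewhere off-brand."""
    scan = PageScan()
    scan.feed(html)
    # Relative actions resolve against the page itself (e.g. a file:// URL).
    off_brand_form = any(not on_brand(urljoin(page_url, act))
                         for act in scan.form_actions)
    return (not on_brand(page_url) and bool(scan.brand_assets)
            and scan.has_password and off_brand_form)

# Constructed sample, not the HTML from the analysed attachment.
SAMPLE_FAKE = """<html><head>
<link rel="stylesheet" href="https://www.bankofamerica.com/style.css">
</head><body><img src="https://www.bankofamerica.com/logo.gif">
<form action="http://collector.example/post.php" method="post">
<input type="text" name="onlineid"><input type="password" name="passcode">
</form></body></html>"""
SAMPLE_URL = "file:///C:/sample/BillingVerification.html"  # constructed path
```

Because the page is opened from the local drive, its URL has no host at all, which is why the check treats anything other than the brand's own hostnames as off-brand.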

Keep your online accounts safe.
