
Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Analysis of an online phishing attack targeting Bank of America customers

The attack begins with a message that comes from a spoofed “Bank of America” sender (such as: [email protected], or [email protected]). See sample below (note the very advanced date):

The attached file, BillingVerification.exe, is a self-extracting archive that contains an HTML page and automatically loads it in the recipient’s browser. The file saved on the local drive is:


The loaded page imitates the real Bank of America site by using images and logos sourced from the original site. The fake page also gets its stylesheet from the original site to make sure it more closely resembles the real site (see HTML below):

For your convenience – spot the differences between the real and phishing Bank of America pages below:

1. Original Page

2. Fake Page

The phishing page requires the usual personal information including account and online information as follows:

After filling out all the required information and submitting the page, users will no doubt be surprised at the result: the next page to load will be hxxp://, (not really related to Bank of America).
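The two traits described above (a page that borrows its stylesheet and images from the real site, and a form that sends the data somewhere unrelated) can be checked mechanically. The following is an added example, not code from the original post or from any antivirus product: the function names, the `bank.example` and `collector.invalid` hosts, and the choice to require a password field are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: brand-hosted CSS and logo, form posting to an unrelated host.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="https://www.bank.example/css/site.css"></head>
<body><img src="https://www.bank.example/img/logo.gif">
<form method="post" action="http://collector.invalid/save.php">
<input name="account_number"><input type="password" name="passcode">
</form></body></html>"""

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def is_brand(host, brand_domains):
    return any(host == d or host.endswith("." + d) for d in brand_domains)

class Collector(HTMLParser):
    """Collects asset hosts, form target hosts and password inputs."""
    def __init__(self):
        super().__init__()
        self.asset_hosts, self.form_hosts, self.has_password = set(), set(), False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("img", "script"):
            self.asset_hosts.add(host_of(a.get("src") or ""))
        elif tag == "link":
            self.asset_hosts.add(host_of(a.get("href") or ""))
        elif tag == "form":
            self.form_hosts.add(host_of(a.get("action") or ""))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def check_page(html, brand_domains, page_host=""):
    """Heuristic findings for one HTML document; page_host is empty for a local file."""
    if is_brand(page_host, brand_domains):
        return []  # served by the brand itself
    c = Collector()
    c.feed(html)
    findings = []
    borrowed = sorted(h for h in c.asset_hosts if h and is_brand(h, brand_domains))
    if borrowed:
        findings.append(("brand-assets-hotlinked", borrowed))
    # An empty or relative action posts back to wherever the page itself lives.
    targets = sorted({h or page_host or "(local file)" for h in c.form_hosts})
    off_brand = [t for t in targets if not is_brand(t, brand_domains)]
    if borrowed and c.has_password and off_brand:
        findings.append(("credential-form-off-brand", off_brand))
    return findings
```

Run over HTML attachments or files dropped by an archive, a page that yields both findings is a strong candidate for manual review.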

The email attachment is detected as HTML/Bankish.NZ by Command Antivirus.

Keep your online accounts safe.

