Bank of America Phish


More and more banking is happening online, with alerts being sent via email. And this legitimate form of banking business has engendered the reverse darkside, phishers who aim to slip in their messages to try to take advantage of unwary end-users.

I just wanted to share a sample phishing message that looked so real even I did a double take:

What makes it look real:

  • The phishers probably took a legitimate Bank of America template and simply swapped in their own text and links, so the logo and format look nearly perfect.
  • They even include the standard Bank of America security jargon, like “Always look for your SiteKey…” and warnings like “because email is not a secure form of communication…”

What gives it away as fake:

  • phrases like “no need for you to panic”
  • grammar and spelling mistakes – “their” instead of “there,” “due to you protection,” etc.
  • stray HTML tag at the bottom “body>”
  • hyperlinks to non-Bank of America domains

Go back