A phishing email uses a novel-sounding concept alarming enough to get unsuspecting users to click on the available links and land themselves in danger.
The Trend Micro Content Security team recently came across a Bank of America phishing site that tells users their online accounts were recently “logged on from an unregistered computer using a foreign IP without an International Access Code (IAC).” Here’s a screenshot:

Figure 1. Newly discovered page warning the user of a possible intruder attempt at accessing his/her accounts.
When the verification link is clicked, the page opens a new window containing the phishing page. Users who have fallen for the breach alert will be more than willing to enter their credentials into the login page which, of course, turns out to be absolutely fake. Here is a screenshot of the phishing page:

Figure 2. The verification link in Figure 1 leads to this Bank of America phishing page.
A familiar but still effective phishing technique lends a false sense of credibility to this attack: the use of address bar spoofing to hide the real phishing URL. As seen in the screenshot below, checking the Properties of the phishing page (by right-clicking anywhere on the phishing page and then clicking Properties) shows that the real URL is different from that displayed in the URL address bar.

Figure 3. The URL of the phishing page in Figure 2 is fake. Here we see the real phishing URL in the page’s Properties section.
Users are reminded that banks have never been known to register their clients’ computers to their online banking systems. Although we have yet to see specific spam messages pointing to the site in Figure 1, an attack leveraging these made-up sites will not be too long in coming. Trend Micro Smart Protection Network already blocks this phishing Web site.

August 1st, 2008 at 10:26 am
[...] new phishing email (via Trend Micro) that recently emerged claimed that the user’s Bank of America account was accessed by an [...]
August 1st, 2008 at 10:50 am
[...] user that they should not click on emails that contain such topics. A new phishing email (via Trend Micro) that recently emerged claimed that the user’s Bank of America account was accessed by an [...]
August 1st, 2008 at 3:07 pm
[...] aggressive techniques to trick people into logging in to phony websites. A new phishing email (via Trend Micro) that recently emerged claimed that the user’s Bank of America account was accessed by an [...]
August 2nd, 2008 at 3:04 am
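[...] According to antivirus software company Trend Micro, a new “phishing” email has recently appeared that claims to be from Bank of America, but its IP address is in fact an unregistered foreign address; this is the so-called “Foreign IP Spy.” [...]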
August 5th, 2008 at 5:35 am
[...] Most of the new browsers including Firefox and Internet Explorer provide security against phishing. You can also use OpenDNS to protect your network from phishing to an extent. Spyware Doctor client also provides phishing protection. Recently Gmail started using DomainKeys, which helps to block fake eBay and PayPal emails. [via: ghacks, more at trendmicro] [...]