A phishing email uses a novel-sounding concept that is alarming enough to get unsuspecting users to click on the available links and land themselves in danger.
The Trend Micro Content Security team recently came across a Bank of America phishing site that tells users their online accounts were recently “logged on from an unregistered computer using a foreign IP without an International Access Code (IAC).” Here’s a screenshot:
Figure 1. Newly discovered page warning the user of a possible intruder attempt at accessing his/her accounts.
When the verification link is clicked, the page opens a new window containing the phishing page. Users who have fallen for the breach alert will be more than willing to enter their credentials into the login page which, of course, turns out to be absolutely fake. Here is a screenshot of the phishing page:
Figure 2. The verification link in Figure 1 leads to this Bank of America phishing page.
A familiar but still effective phishing technique lends a false sense of credibility to this attack: the use of address bar spoofing to hide the real phishing URL. As seen in the screenshot below, checking the Properties of the phishing page (by right-clicking anywhere on the phishing page and then clicking Properties) shows that the real URL is different from that displayed in the URL address bar.
Figure 3. The URL of the phishing page in Figure 2 is fake. Here we see the real phishing URL in the page’s Properties section.
Users are reminded that banks have never been known to register their clients’ computers to their online banking systems. Although we have yet to see specific spam messages pointing to the site in Figure 1, an attack leveraging these made-up sites will not be too long in coming. Trend Micro Smart Protection Network already blocks this phishing Web site.