The Trend Micro Content Security Team has encountered a phishing attack similar to what affected the Bank of America and Comerica recently. The scheme, which involves a malicious digital certificate supposedly downloaded from a link found in the spammed email, is now used to fool Merill Lynch Business Centre customers.
Below is a screenshot of the spammed email message:
The visible link in the said email is a hypertext string that leads to the phishing URL
programs.dvppserv.1291logon.info/WCMALoginEA.htm. The said URL poses as the Business Centre’s home page.
Clicking on the said link connects users to a URL where they are prompted to download a required “digital certificate.” However, the phishing site is already inaccessible as of this writing.
Sunbelt also warns users in their blog that this scheme is highly likely being used for other schemes as well.