Home > IT Security > E-mail Scam using Bank of America

E-mail Scam using Bank of America

Bank Of America Security Team -update@yahoo.com-
date Sep 16, 2007 9:38 PM
subject *** Bank Of America Important Notice ***

We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us.

If this is not completed by September 18, 2007, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes.

We thank you for your cooperation in this manner.To confirm your Online Banking records click on the following link: http://65.86.132.114/sslencrypt218bit/online_banking/

Thank you for your patience in this matter.Bank of America Customer Service

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.

Cool! I didn’t even know I have a Bank of America account! Learnt something new today!

“Woohoo, we’re rich!”

This is, of course, a scam trying to get me to enter my (nonexistent) Bank of America account login information.

“Bah!”

Plus, even if I did have an account there, I can’t imagine having any money on it at all.

Regardless, there’s absolutely no way this can be real, based on the fact that:

  1. Organizations worth their salt would never tell you to do this, ever.
  2. And even if they did, then certainly not using some crappy IP domained (65.86.132.114) website, through a non SSL encrypted (http://) connection.
  3. Nor use a totally inappropriate e-mail address like update@yahoo.com when you’re the Bank of America.

Here are some rules to live by…

  1. Never click on these links, that includes when you’re logged in somewhere important (in this case, your Bank of America accounts). It may compromise your session/activity! *
  2. Certainly do not click on these links and input your account login information.
  3. Always go through the trusted SSL encrypted websites.
  4. Double check the URL and confirm it’s the right URL “address”! URL’s are significantly much harder to fake (if at all possible) than email addresses.

*To be fair, if it’s SSL protected, like I imagine Bank of America accounts are, then it doesn’t matter much if you do click on them. Sites that are not protected by SSL, however, can actually have their sessions compromised if you enter certain sites while in an unprotected session (even when using different browsers!). Also, as sites have software to get information from their visitors, going to such a site would mean you’re leaving your fingerprint behind, such as: Operating System information, IP address, how secure your ports are (the entrances and exits of your computer) and more. That’s obviously not a good idea. They may have spammed your e-mail, but that doesn’t mean they know much more about you than your e-mail address. So not clicking on such sites is the safest, for many important reasons.

In addition (if still in doubt):

  1. Go to the website (make sure it’s the right URL “address”) to see what is up. They WILL have something to tell the clients what happened and what they should do in case of an emergency.
  2. So check the website, check the support section, get the real e-mail support address and e-mail them just in case.
  3. There’s no way they wouldn’t let you e-mail them back if there’s no information on their sites/forums wherever.

These kind of scams, mistyping, phishing attacks etc. are the main reasons people end up on the wrong websites and get scammed. So always be watchful, as every rose has thorns. The World Wide Web has never been, still isn’t nor will it ever be an exception in that regard.

I see that a lot of peeps are actually Googling the IP address (65.86.132.114). While that can obviously help a great deal, because it will give you some sites that can tell you more about it (like mine), more than often, it doesn’t do much in finding out who’s behind this.

Disclaimer: I personally cannot recommend you taking the actions that I’m going to describe next, as the above steps I described should be more than enough to avoid this mess and alert the right people to take action.

However, if you do wish to know and do more, then you can use your Windows OS tracert command to get more information. There are also sites that you can do this from (in fact, highly recommended, because then it would be that much harder, if not impossible, to trace it back to you). I’ve tracert the IP address of this scam site and it gave me this:

65-86-132-114.client.dsl.net (65.86.132.114) 477.055 ms 477.306 ms 475.534 ms

Which means that this site is somehow connected to the ISP called DSL.net. I took the liberty to e-mail their support section and asked them to check it out, as one of their clients/accounts is obviously involved in this scam. If you ever run into a similar situation, and you do wish to see what their ISP is, this is something you should consider doing. It usually gives you enough information to reach a ISP and see what they can find.

But remember, depending on whom you’re trying to trace, it’s possible that they have software that can detect what’s happening and who’s doing it to them. So given that particular risk in this context, I can’t really recommend anyone doing this, especially the newer computer users.

Or maybe I’m just being paranoid. We’ll just have to see.

Advertisements
Categories: IT Security
  1. September 17, 2007 at 5:42 AM

    Great talk & neat advice here.
    Weldone.
    Cheers.

  2. Zeke
    September 17, 2007 at 10:14 AM

    Yeah, I just received the same email, I am actually a Bank of America customer. I already sent them the email and a screenshot of the page.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: