New Phishing Scams Can Hook Ya!

by Joseph Raczynski

Many moons ago, when phishing scams were first cast, they were easy to detect.  The bait was rank with punctuation and spelling errors, and the emails were typically all text.  You viewed the email from Bank of X, cocked your head to the side and then easily dismissed it as chum.


Surprisingly, phishing has continued to proliferate, but in more sophisticated forms.  According to RSA, phishing scams still circulate as one of every 400 emails sent.  The issue is not simply the volume, but the new lures implemented.

Here is a recent example of email phishing using a fake Bank of America email notification.


What jumps out at you?  It looks pretty legitimate.  It is an email that seemingly came from BoA’s customer service group notifying you that a message is waiting.  It has all of the branding a BoA email would contain.  The scam even offers reminders about security: “Remember, always look for your SiteKey before you enter your passcode during Sign In.”  It has disclosures and terms of use at the bottom of the email.  HOWEVER, each of the hyperlinks will take you to the fraudster’s site, where you would unwittingly enter your Bank of America credentials.  Once that is done, they have the login and password to your bank account.


How to evade getting hooked…

  • Go Slow! Do not click on any links in an email like this until you really investigate it.  You can scrutinize it by looking for the dots (…).  One of the best ways to see if this email is legitimate is to look for the domain of the URL that is associated with the links at the end of the dots.

How to do this: RIGHT click on the link and copy the link into Word or a text document.  Look for the domain.  Make sure the domain is consistent with the company where the email supposedly originated.

  • EXAMPLE: Find the last domain here, i.e. look for bankofamerica.com, but make sure it is the last domain listed.  Be careful, it is the last domain that matters.

http://www.bankofamerica.com.sas.signon.do.detect.2.signin.sessionid.rmrlfbqjlokcjpczgs.oxcvsvcpdsoeeseytje.yucfnjtidbvnujxrwjmsea.zydyilpnchtjrriiszti.zydyilpnchtjrriiszti.zydyilpnchtjrriiszti.zydyilpnchtjrriiszti.nuyovbuskl.bernadinec.com/index.php?pageType=708XeMWZ&cust=redacted@redacted.redacted&l=lWXS3AlBXVShqAhQRfhgTDrf=/sas/signon.do?SignIn&SMSESSIONID=ASERTFGUY2I94O0389GYBH23JNMKUYH83JMN12I90U82HJNASDKOASD9AS8D&iv=90832yhIopOWjos


Did you find it?


http://www.bankofamerica.com.sas.signon.do.detect.2.signin.sessionid.rmrlfbqjlokcjpczgs.oxcvsvcpdsoeeseytje.yucfnjtidbvnujxrwjmsea.zydyilpnchtjrriiszti.zydyilpnchtjrriiszti.zydyilpnchtjrriiszti.zydyilpnchtjrriiszti.nuyovbuskl.bernadinec.com/index.php?pageType=708XeMWZ&cust=redacted@redacted.redacted&l=lWXS3AlBXVShqAhQRfhgTDrf=/sas/signon.do?SignIn&SMSESSIONID=ASERTFGUY2I94O0389GYBH23JNMKUYH83JMN12I90U82HJNASDKOASD9AS8D&iv=90832yhIopOWjos


The last domain here is bernadinec.com, which is not BoA, so we know that this is not legitimate.  They try to trick us with the very first part of the URL, where they write http://www.bankofamerica.com.sas.signon.  That is purposely misleading: everything before the final domain is just a chain of subdomains that the owner of bernadinec.com can name however they like.
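The "look for the last domain" check above can be automated so you are not reading a 300-character hostname by eye.  The Python below is an added example, not code from the original post: it uses the standard library's URL parser to pull out the hostname, keeps only the final two labels (an assumption that works for .com-style endings; country suffixes such as co.uk would need a Public Suffix List lookup), and compares the result with the site the email claims to be from.  The sample URLs are constructed for the example; the phishing one is the URL quoted in the post with its query-string ampersands restored.

```python
from urllib.parse import urlsplit

# Constructed sample inputs for this example.  The first is the phishing URL
# quoted in the post above; the second is a plausible genuine link for contrast.
PHISHING_URL = (
    "http://www.bankofamerica.com.sas.signon.do.detect.2.signin.sessionid."
    "rmrlfbqjlokcjpczgs.oxcvsvcpdsoeeseytje.yucfnjtidbvnujxrwjmsea."
    "zydyilpnchtjrriiszti.zydyilpnchtjrriiszti.zydyilpnchtjrriiszti."
    "zydyilpnchtjrriiszti.nuyovbuskl.bernadinec.com/index.php?pageType=708XeMWZ"
    "&cust=redacted@redacted.redacted&l=lWXS3AlBXVShqAhQRfhgTDrf=/sas/signon.do"
    "?SignIn&SMSESSIONID=ASERTFGUY2I94O0389GYBH23JNMKUYH83JMN12I90U82HJNASDKOASD9AS8D"
    "&iv=90832yhIopOWjos"
)
GENUINE_URL = "https://www.bankofamerica.com/online-banking/sign-in"  # constructed


def registrable_domain(url: str) -> str:
    """Return the 'last domain' the post tells readers to find.

    urlsplit() separates the scheme, host, path and query for us, so the
    '@' and '/sas/signon.do' fragments inside the query string cannot be
    mistaken for part of the hostname.  The hostname is then reduced to its
    final two labels.  Assumption: a two-label suffix is enough for this
    example; multi-label public suffixes (co.uk, com.au) need a PSL lookup.
    """
    host = urlsplit(url).hostname  # already lower-cased, port/userinfo stripped
    if not host:
        raise ValueError("URL has no hostname: %r" % url)
    labels = [label for label in host.rstrip(".").split(".") if label]
    if len(labels) < 2:
        return host
    return ".".join(labels[-2:])


def is_expected_site(url: str, expected_domain: str) -> bool:
    """True only if the link really lands on expected_domain (or a subdomain).

    A hostname that merely *starts* with the bank's name, as in the post's
    example, fails this check because its registrable domain is different.
    """
    return registrable_domain(url) == expected_domain.strip().lower()


def check_links(urls, expected_domain: str):
    """Classify each link as 'ok' or 'SUSPECT' with the domain that decided it."""
    report = []
    for url in urls:
        domain = registrable_domain(url)
        verdict = "ok" if is_expected_site(url, expected_domain) else "SUSPECT"
        report.append((verdict, domain, url))
    return report


if __name__ == "__main__":
    for verdict, domain, url in check_links([GENUINE_URL, PHISHING_URL], "bankofamerica.com"):
        print("%-7s last domain=%-20s %s" % (verdict, domain, url[:60] + "..."))
```

Running it prints `ok` for the genuine link and `SUSPECT last domain=bernadinec.com` for the phishing link, which is exactly the conclusion the post reaches by hand.  The point of parsing before comparing is that a naive substring test (`"bankofamerica.com" in url`) would pass the phishing URL; the check must be on the final labels of the host, not on whether the bank's name appears anywhere.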


  • When in doubt, type it out.
    • If you are not sure, always go to a new browser session and type out the address of the site where you want to go, e.g. bankofamerica.com
  • Last resort - trash it
    • If you are still unsure, trash the email and either go to the website as noted above or call the bank.  Clicking on unsecure links can be very expensive.  RSA estimates that each victim of phishing loses in the range of $5,000 US.

No one longs to be a trophy fish stuffed and mounted on a criminal’s wall… Be smart about what you click on in these suspicious emails.  Go slow, view the URL/domain and see if it looks right.