
Updated 23 Jan 2010: This is the latest version of Bank of America phishing scam mail as reported:

-----

This has to be a scam. I don’t have a BoA account. Someone who does should be wary.
----- Original Message -----
From: Bank of America
Sent: Saturday, January 23, 2010 10:20 AM
Subject: Important Notice from Bank of America Billing Center

Dear Bank of America customer,

We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons.

We now need you to re-confirm your account information to us.

If this is not completed by January 23, 2010, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.

  To confirm your Online Banking records click on the following link:
  https://online.bankofamerica.com/IdentityManagement/

Thank you for your patience in this matterm,
Bank of America Customer Service

— Archived —

A phishing email appears to be from “Bank of America”. We did a “View Source” on the email and found the following link:

http://www.bankofamerica.com.onlinebankingid30344740.kaswert.info/session.cgi

This is a phishing site: the host is in fact a subdomain of the domain kaswert.info, and not of bankofamerica.com. Unsuspecting or careless victims often read just the first part of the link after the http:// and fail to notice the end. To be safe, it is important to determine the full domain name.
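The check described above, as an added example (not code from the original post): it pulls every link out of an HTML mail body, compares the host shown to the reader with the host the link really points to, and tests the real host against the trusted domain from the right-hand end. The function names, the HTML markup and the second link are assumptions made for illustration; the two URLs in the first link are the ones quoted on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: visible text and href reuse the two URLs quoted on this
# page; the markup and the second (legitimate-looking) link are made up.
SAMPLE_HTML = (
    '<p>To confirm your Online Banking records click on the following link: '
    '<a href="http://www.bankofamerica.com.onlinebankingid30344740.kaswert.info/session.cgi">'
    'https://online.bankofamerica.com/IdentityManagement/</a></p>'
    '<p><a href="https://www.bankofamerica.com/privacy/">Privacy</a></p>'
)

def host_of(url):
    """Lower-cased hostname of a URL, or '' when the string is not a URL."""
    return (urlsplit(url.strip()).hostname or "").rstrip(".").lower()

def belongs_to(host, domain):
    """True only if host is the domain or a subdomain, matched from the right."""
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, trusted_domain):
    """One finding per link: real host, displayed host, and two warning flags."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [{"real_host": host_of(href), "shown_host": host_of(text),
             "off_domain": not belongs_to(host_of(href), trusted_domain),
             "text_mismatch": bool(host_of(text)) and host_of(text) != host_of(href)}
            for href, text in parser.links]
```

Calling `audit_links(SAMPLE_HTML, "bankofamerica.com")` flags the first link as both off-domain and mismatched with its visible text, and passes the second.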

The full header of the email is attached. Note that the return path or the originator email address may “appear” to come from the valid domain name, but this is not the trick. The scammers do not care whether you actually reply to the email directly (i.e. press the reply button in your email client). All they want is for you to click on the link to their phishing website. The “originator” email address is just faked to make it look like it comes from the real website. By the looks of it, the mail probably came from a compromised server in Malaysia.

Return-path: <accsupport-546519ib@bankofamerica.com>
Delivery-date: Mon, 22 Jan 2007 17:32:55 -0700
Received: from [210.5.198.149] (helo=210-5-198-149.reverse.newskies.net)
Received: from [111.225.20.80] (HELO malaysia.net)
From: "Bank of America" <accsupport-546519ib@bankofamerica.com>
X-Sender: services-778608110240609ib@bankofamerica.com
User-Agent: Pegasus Mail for Win32 (v2.53/R1)
X-Mailer: Pegasus Mail for Win32 (v2.53/R1)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
    boundary="0R5INIL.WGUOQSTK"
Subject: [Norton AntiSpam] Please confirm your information! -Mon, 22 Jan 2007 16:32:26 -0800

Bank of America Scam Mail