Shortly after writing yesterday's post on SiteKey I received two emails that claimed to be from Bank of America encouraging me to click on a link to "enroll in the SiteKey security upgrade." The fraudsters that composed this particular email seemed to have made a limited effort to understand American corporate practices, since they wrote every instance of the bank's name as Bank of America® even though a cursory analysis of the legitimate BofA site would reveal that the bank does not festoon its name with the "®" symbol.
The headers visible in Outlook were:
To: chris
Cc: chris; chris; chris
which hardly seems like BofA practice. A more detailed inspection revealed that the message had come from a Time-Warner cable subscriber, no doubt someone whose machine had been turned into a zombie and was spewing these things all over the country.
The "click here" link obscured the real target, although Outlook helpfully showed it in a tooltip as 31c5f18a7f.com, a domain in China registered to
XIN NET TECHNOLOGY CORPORATION
Administrative Contact:
ah wen
No.12 chang'an road
beijing Beijing 100001
China
tel: 86 010 20940294
fax: 86 010 24092049
I'll give Internet Explorer good marks for recognizing this as a phishing site, although the site already appears to be off the air.
PhishTank (Out of the Net, into the Tank) does have a screenshot of what was there, which is a page that asks for so much information that it is bound to make most people suspicious: Online ID, Passcode, Location where the account was opened, Social Security Number, ATM Card Number, etc., etc. One wonders how many people they would have tricked had they been a little less obvious.
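Two of the tells described above, the same recipient repeated across To/Cc and a "click here" link whose real target is an unrelated domain, can be checked mechanically. The following Python is an added example, not part of the original post; the sample message, its addresses and URL path, and the `brand_domains` allow-list are constructed assumptions.

```python
import email
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the post; addresses and URL path are invented.
SAMPLE = """\
From: "Bank of America" <alerts@example.invalid>
To: chris@example.org
Cc: chris@example.org, chris@example.org, chris@example.org
Subject: SiteKey security upgrade
Content-Type: text/html; charset="utf-8"

<html><body><p>Enroll in the SiteKey security upgrade.
<a href="http://31c5f18a7f.com/enroll">Click here</a></p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw, brand_domains=("bankofamerica.com",)):
    """Return findings; brand_domains is an assumed allow-list for the claimed sender."""
    msg = email.message_from_string(raw)
    findings = []
    rcpts = [a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    if len(rcpts) != len(set(rcpts)):  # same mailbox listed more than once
        findings.append("duplicate recipients across To/Cc")
    parser = LinkCollector()
    for part in msg.walk():  # handles single-part and multipart messages
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in brand_domains):
            findings.append(f"link text {text!r} leads to off-brand host {host!r}")
    return findings
```

Calling `triage(SAMPLE)` reports both findings, surfacing the same destination host that Outlook only revealed in a tooltip.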