Hackers are targeting bank of America’ customers with a phishing campaign – If you are a customer at the bank of America DO NOT click any such link.

Cybercriminals can send you a fake Bank of America website link in an email or through a social media account. Once you will click the link, it will redirect you to a page which is somehow similar to the original looking bank of America website. 

The URL is located at 74(dot)208(dot)43(dot)206/html/E-Alert(Dot)html, which is actually controlled by cyber criminals waiting to get hands on your personal information. 

bank-of-america-phishing-link-stealing-customers-personal-data

Once there, the message on the page will ask for following things:

“We need you to verify your account information for your online banking to be re-activated” and then goes on asking the user to “click the download button to receive your verification file” and then open it in their browser. However, here, downloading this file will actually take you another webpage:

Alertfb(dot)pw/site/IrregularActivityFile(dot)html.

People are fooled into entering personal information as requested by this page. The page pulls off useful information such as the Online ID and passcode, name, social security number, email address and password, drivers license number, Date-of-birth. Moreover, to complete the form, the user must answer three security questions and provide payment information or address.

See Also: Most Sophisticated Malware Campaign Targeting Diplomats, iPhones, Android, and PC.

This is surely more than enough information to give to a scammer. If anyone recalls being encountered by such a page, immediately contact the bank. The website has broken images and the URLs that appear are in no way similar to the original BoA URLs and hence this may prevent many banking calamities.

Also, the site which asks for personal banking information is being flagged by Chrome for phishing and this will further reduce any harmful activities, according to MalwareBytes.

There will be updates posted through different browsers, but as for now, look out for what you click and be wary if you see any of the two URLs appear in an unnoticed email.

Featured image via: TechRanger | 

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.