I just received a phishing email this morning. It was crafted to look like it was coming from Bank of America.
Here’s what told me it was a phishing attempt: <edited content between angle brackets>
It came to an address that Bank of America would not have for me. I’ll post an article on how that works later.
The “From” address was goofy – it had two “From” addresses which is not normal, – one of them was a “null” address and the other was crafted to look like Merrill Lynch, but it was actually a forged from address <subscriptions at ulstertatler dot com>
The link in the body of the email went to a website other than Bank of America: < http://shusil dot com/-removed-/ > My guess is that < shusil-dot-com > has been compromised and the specific “page” on that website has a malicious payload.
It referenced a bogus large transaction, crafted to make me freak out and click on the link to find out what is going on.
Here’s the body of the email (link removed):
———————–
< Bank of America logo >
Paul McKinley,
This letter is to inform you, that you sent an instant payment of $3591.49 to <bogus address>.
Allow up to 10 minutes for a transaction to appear.
Get your transaction confirmation here.
Thank you for using Bankofamerica.The strength to be there
Respectfully,
James Wilson
———————–
Be careful, and be safe. If you have any questions about a suspicious email, Team Veritas can help. Just call or email us, or use the contact form on the TeamVeritas.com website.