Wow. I used to get messages asking about sites like this one from my friends and family, but they weren’t quite so convincing. This phish is flapping.
Supposedly, my bank just contacted me 10 minutes ago about a problem with my account. Here is the message:
Subject: Bank of America Account Review Department !
“We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us.If this is not completed by September 16, 2007, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. To confirm your Online Banking records click on the following link: hxxp://64.xx.72.1×7/www.bankofamerica.com/index.htm“
Oooo this message looks urgent, I might not complete it by September 16th…when I click on the link from a system in our lab (do not do this from your system), the site my browser is directed to looks like an exact replica of the Bofa site. However, this site is not hosted by the Bank of America (a clue is the ip address used in the URL). But it is happy to take my banking username and password!
Lesson to be learned here — just like answering the phone, don’t give out information to anyone just because someone is asking you for it.
DO NOT visit the site, DO NOT provide your username or password:
ThreatFire™, features innovative real-time behavioral protection technology that provides powerful standalone protection or the perfect complement to traditional signature-based antivirus programs.
ThreatFire's patent-pending ActiveDefense™ technology offers unsurpassed protection against both known and unknown zero-day viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware.