They are good. The Bad Guys, I mean. They create official looking emails that look exactly like your banks email. But, of course, since they are 'Bad Guys', any info you give doesn't get to the bank. Well, eventually it does when they use YOUR info to get YOUR money.

Here is the latest example I received last week:

Bank Of America Alert: Online Access Suspension Message

Bank of America Higher Standards
(note the official logo coming directly from the bank's website)

 

 

This looks so good. And if I had an account with Bank of America, I might be tempted to follow the instructions. It looks simple enough. Just follow the link they give me that goes to their website.

Whoops. The MailScanner noticed the link doesn't go where it says it goes. If I clicked on the link, I would be brought to a web page that looks EXACTLY like the official bank site. Enter your password info, and you might even log in to the real bank. But, since you are on the fake site, the Bad Guys get your info, and your money.

If your email provider doesn't have MailScanner, or something similar to help detect these bad links, then be extra careful. Better yet. If you ever get an email from your bank, or paypal, or ebay or any sensitive info site, don't follow the link in the email. Instead, go to their known website directly.

 

Great phishing example:

From: Bank Of America Alert [mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.]
Sent: Thursday, March 08, 2007 8:32 PM
To: sevensages.com
Subject: Bank Of America Alert: Online Access Suspension Message®

Bank of America Higher Standards

Customer using a laptop for Online Banking

Online Banking Alert




Dear customer,

Your access to Online Services has been suspended. Due to a miss-match access code between your online access details most especially your Sitekey question and answer's information.To re-activate your Online account, please following the re-activation reference indicated below.

MailScanner has detected a possible fraud attempt from "eglise.ccestaque.com" claiming to be https://sitekey.bankofamerica.com/sas/signonSetup.do




Important Notice:- You are strictly advised to match your Sitekey Security Question and Answers rightly to avoid service suspension.


Bank Of America
Online Banking Customer Services



Bank of America, N.A. Member FDIC. Equal Housing Lender
© 2007 Bank of America Corporation. All rights reserved.