• BofA Phishing Campaign

    In the Bank of America campaign discovered by Armorblox earlier this month, the fraudsters sent phishing emails to customers asking them to update their email addresses. If the victim clicked on a malicious link embedded in the message, they were taken to a domain designed to look like the actual Bank of America login page, according to the report.


    The domain, however, is controlled by the fraudsters and collects any usernames and passwords entered into its login fields, according to the report.


    The phishing emails were sent from a personal Yahoo account via SendGrid. The messages were also sent in small batches, which could explain how they bypassed Microsoft security tools as well as secure email gateways, according to the Armorblox report.


    The phishing emails also passed email authentication checks - Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) - according to the report.


    "Although the sender name - Bank of America - was impersonated, the email was sent from a personal Yahoo account via SendGrid," Armorblox Co-founder Chetan Anand noted in the report. "This resulted in the email successfully passing all authentication checks such as SPF, DKIM, and DMARC."
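    The point above is that SPF, DKIM and DMARC validate the sending domain (here the Yahoo/SendGrid infrastructure), not the brand shown in the display name. The following added detection example, which is not from Armorblox or the report, parses a constructed message modelled on the campaign and flags a display-name brand claim whose From domain is not one of the brand's own domains, even when every authentication result is "pass". The brand-to-domain table is an assumption a defender would maintain per tenant.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a defender-maintained map of protected brand names to the
# domains legitimately allowed to send as that brand.
PROTECTED_BRANDS = {"bank of america": {"bankofamerica.com"}}

# Constructed sample modelled on the campaign described in the article:
# display name claims the brand, but the From address and DKIM signer are a
# webmail/ESP domain, so SPF, DKIM and DMARC all pass. Values are made up.
SAMPLE_RAW = """From: "Bank of America" <someuser@yahoo.com>
To: customer@example.org
Subject: Action required: update your email address
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bounces.sendgrid.net;
 dkim=pass header.d=yahoo.com;
 dmarc=pass header.from=yahoo.com

Please update your email address here: hxxp://nulledco[.]store/login
"""


def parse_auth_results(value):
    """Return {'spf': 'pass', 'dkim': 'pass', ...} parsed from an
    Authentication-Results header value (folded lines are fine)."""
    if not value:
        return {}
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", value)}


def display_name_impersonation(raw_message):
    """Flag a message whose From display name claims a protected brand while
    the From address domain is not one of that brand's domains. Returns a
    dict of evidence, or None when no protected brand is claimed."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    auth = parse_auth_results(msg.get("Authentication-Results"))
    for brand, domains in PROTECTED_BRANDS.items():
        if brand in display_name.lower() and from_domain not in domains:
            return {"verdict": "display_name_impersonation",
                    "claimed_brand": brand,
                    "from_domain": from_domain,
                    # True here shows why passing SPF/DKIM/DMARC is not enough
                    "auth_passed": all(auth.get(k) == "pass"
                                       for k in ("spf", "dkim", "dmarc"))}
    return None
```

Run against SAMPLE_RAW the verdict is display_name_impersonation with from_domain yahoo.com and auth_passed True; a message from alerts@bankofamerica.com with the same display name returns None.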


    Additionally, the malicious domain reused art and design elements found on other Bank of America sites, and because the domain had been registered only on June 1, its newness could also have helped the phishing campaign bypass security tools, the report notes.


    "Upon closer inspection, it's evident that the domain is not owned and hosted by Bank of America," according to the report. "The domain - nulledco[.]store - was created on June 1. The screenshot below shows the certificate's common name for the webpage, which is nulledco[.]store and not Bank of America."

    Source: careersinfosecurity.com
