If you’re a Bank of America customer, be warned: there’s a phishing scam doing the rounds. Scam emails direct unsuspecting users to a clone site that says: “We need you to verify your account information for your online banking to be re-activated”.
Users who click the link are taken to another webpage, where they’re invited to fill out their name, date of birth, Social Security number, mother’s maiden name, driver’s license number, email address, email password, bank card number, card expiration date, CVV number, address, and phone number – quite an exhaustive list of information.
Christopher Boyd of Malwarebytes notes that the “second site which asks for the bulk of the banking customer information is being flagged by Chrome for phishing, so hopefully that will help to reduce the potential victim pool still further.”
If you think you’ve fallen for the scam, contact Bank of America immediately: firstname.lastname@example.org.
The bank also supplies a page of tips to avoid phishing attacks on its website.
The threat of phishing
Organizations should ensure that their staff are properly trained to recognize phishing scams and to exercise caution when clicking links in unsolicited messages.
IT Governance’s Employee Phishing Vulnerability Assessment will identify potential vulnerabilities among your employees and provide recommendations to improve your security, giving you a broad understanding of how you are at risk and what you need to do to address these risks.