E-mail scammers have recently launched two nearly identical campaigns to dupe users into divulging their bank account information and other personal data, and they're meeting with some success.
The two scams, both of which started in the past two weeks, take the form of e-mail messages that tell recipients that there is a problem with their online banking account. The messages include links to Web sites where the recipient is asked to enter either his online banking user name and password or some other sensitive information.
In the most recent instance, customers and noncustomers alike receive an e-mail that appears to come from the Bank of America customer support department. There are several misspellings and grammatical errors, however, that make it easy to identify the message as a fake. The message arrives from custommersupport@bankofamerica.com with a subject line reading: "Security Server Update." The text of the message includes a graphic header taken from the bank's home page.
The message reads, in part:
"Dear Valued Customer,
Our new security system will help you to avoid frequently fraud transactions and to keep your deposited funds in safety."
The URL in the message points to a page that has been disabled. The IP address for the URL is registered to ISP Verio Inc.
Bank officials contacted the Secret Service to help in the investigation. "We're working diligently with the authorities to try and identify the person or people behind this," said Betty Riess, a spokeswoman at Bank of America, in San Francisco. More than 75 customers have apparently responded to the scam, and bank officials are working to change their passwords.
The Bank of America scam comes a week after news of a similar hoax involving First Union Bank came to light. The First Union scam involves an e-mail that asks recipients to go to a Web site and enter some personal information. The site, which has been taken down, also automatically downloaded a Trojan horse application onto visitors' PCs.
The First Union and Bank of America e-mails seem to be sent to random e-mail addresses, similar to spam.