Bank of America sends electronic Customer Forms?

Bank of America, the number one spoofed bank identity in the world according to our latest E-Threats Landscape Report, continues to be exploited by phishers around the globe. This time, the unsolicited message requires credulous users to fill in the new on-line Customer Form.

The link does not lead to the e-banking portal, but to a .co.uk registered Web page that mimics the appearance of the original Web site.

E-criminals seek to get the financial information from the unsuspicious bank customers by using the bank logo and the general formatting elements onto an alleged on-line banking enrollment routine. The sensitive data - card number, expiration date, card ID number, PIN, first and last name and e-mail address - is stolen using done1.php script.

Unlike other phishers, these e-thieves seemed more preoccupied about the credibility of their conning scheme and spent some additional time into creating a pop-up window that informs the duped users about their automatic log out and redirection towards the (real) homepage of the bank.

If one seeks for specific security elements, namely SSL encryption (Secure Socket Layer) and security authentication methods ("https" prefix and locked padlock), one will see none of them.