Another phishing emails been observed by Stop Malvertising and targeting Bank of America customers. The email includes bank logo and asks users to open and fill an HTML attachment to regain access to their financial account. The email looks as follows:
Screenshot for the phishing email by Stopmalvertising (click to enlarge)
We have detected irregular activity on your account on the date 01/04/2014.
For your protection, we have temporarily limited your account
In order to regain full access to your account, you must verify this activity before you can continue using your account.
We have sent you an attachment , open it and follow the steps to verify your account.
Once completed, please allow up to 24h to update.
We are sorry for the inconvenience.
The interesting in this case that the email do not contain an HTML link but cyber-criminals attached instead an HTML form that may take victim out from the email message.
This form loads an external Java script from www.eetkroegmanu.be that belongs to cyber-criminals to grab all victims sensitive information. the attachment still uses images exported from the Bank Of America website this to trick users and make them submit the information.
Normally there is no bank will ask customers to send or submit personal information online or by email so you need to be cautious.
To protect yourself always be sure to verify the email source and never respond to suspicious emails. Use an advanced security solution that will scan and filter malicious emails that may contain malwares or phishing content. Anti spam will have the signature for most reported phishing template to filter them at an early stage.