Twitter Phishing Attack Targeting Bank Of America Customers
Social media is widely used for promoting news and products but at the same time it is used for malicious intent such as promoting phishing websites. over this week Malwarebytes published an article about a Twitter account claiming to be a Bank of America support that was created to assist with any issue affecting customers.
@BankofAmericaH1 is the account controlled by cyber criminal and it was used to make a Phishing Attack Targeting Bank Of America customers. The account is posting the following message: “Dear customer, as part of our security measures against fraud, we recommend all our customers perform a security check on their account now. Log in via our secured area [url removed] to secure your account. Thank you.”
Normally this will target Bank of America customer and any person will follow the URL he will be looking to fix his problem. this is not the only way that @BankofAmericaH1 account using but they are also asking followers and users to send them a DM (Direct Message) with their credentials to resolve and secure banking account.
The phishing page is not using the SSL/https for security measure so all credentials are passed to attacker in clear text format. here attacker is asking the following sensitive information Online ID, Passcode, Account Number, Complete SSN or Tax Identification Number and Passcode. When victim submit the information he is going to be redirected to original bank website.
Here it is important to note that Bank support will never ask for sensitive information such as account credentials using social media or emails. If you are looking to have a support make sure to call your bank by phone and verify the security of your accounts.