By Joseph Raczynski, Thomson Reuters
@joerazz 

Many moons ago when phishing scams were first cast they were easy to detect.  The bait was rank with punctuation and spelling errors and the emails were typically all text.  You viewed the email from Bank of X, cocked your head to the side and then easily dismissed it as chum.

Surprisingly phishing has continued to proliferate but in more sophisticated forms.  According to RSA phishing scams still circulate as one of every 400 emails sent.  The issue is not simply the volume, but the new lures implemented.

Here is a recent example of email phishing using a fake Bank of America (BoA) email notification:

What jumps out at you?  It looks pretty legitimate.  It is an email that seemingly came from BoA’s customer service group notifying you that a message is waiting.  It has all of the branding a BoA email would contain.  The scam offers reminders about security, “Remember, always look for your SiteKey before you enter your passcode during Sign In.”  They have disclosures and terms of use at the bottom of the email.  HOWEVER each of the hyperlinks will take you to the fraudster’s site where you would unwittingly enter your BoA credentials.  Once that is done, they have your login and password to your bank account.

(more…)