Recently we began tracking phishing schemes targeting US financial institutions in greater depth.  Here is a quick run down of the larger phishing schemes targeting Bank of America during the last two weeks:

The first sample phishing scheme spoofed the email address “online@bankofamerica.com” and had the subject line “Alert Message”.  The attack reached 5.65% of our AOL email panelists.  AOL delivered the email to the inbox instead of the spam folder for 82.6% of recipients.  After this one send, the same attack was not repeated through May 24.

The second sample phishing scheme spoofed the email address “service@bankofamerica.com”.  Starting May 15 we recorded repeated attacks each day through May 24.  The attack was focused on gmail users and reached as many as 0.3% of our gmail panelists on May 15.  Over the course of the next week the phishing scam continued to be received, reaching 0.27% of gmail panel users on the 16th, 0.21% of panel users on the 17th, and continuing to decline.  Gmail successfully placed 100% of the emails in the spam folder and none in the inbox.

The third sample phishing scheme spoofed the email address “security-alerts@bankofamerica.com” with the subject line “Important Security Update”.  This phishing attach was detected on May then again on May 23, and it targeted AOL, Gmail and Yahoo users.  On May 20th it reached 0.71% of our AOL email panelists and AOL successfully placed the emails in the spam folder for 94% of recipients.  On the same day it reached .02% of our Gmail panelists and gmail successfully put in spam folder for 100% of recipients.  0.13% of our Yahoo panelists received the email, and Yahoo correctly placed the email in the spam folder for 98% of recipients.

Overall Email Data Source recorded 46 email phishing scams spoofing email addresses ending with @bankofamerica.com during the May 15 to May 24 period.  Indeed the majority of email traffic from this sending domain was phishing attempts.  Other Bank of America sending domains, such as emails ending with @ealerts.bankofamerica.com also saw phishing scams, but at a far lower rate.

 

Comments are closed.