Discussion:
Bank of America
(too old to reply)
C.D. Koger
2007-01-19 19:42:34 UTC
Permalink
Today I received a mail from ***@linux.site requiring me to update my
account with Bank of America. The link provided is
href="http://61.242.253.106/r.htm">http://www.bankofamerica.com/sas/sitekey/
profile/step1.htm and the promise is "Note: We will be upgrading our yearly
SSL EncryptedServer to prevent fraudulent activity.
Since I have never in my life done any business with B of A, I assume that
61.242.253.106 is not the bank's DNS and that this is what they call
'phishing'. Am I right? Very transparent for me, maybe less if you really
have an account there.

Cornelis Koger
Jack
2007-01-19 20:23:57 UTC
Permalink
my account with Bank of America. The link provided is
href="http://61.242.253.106/r.htm">http://www.bankofamerica.com/sas/sitekey/
profile/step1.htm and the promise is "Note: We will be upgrading our
yearly SSL EncryptedServer to prevent fraudulent activity. Since I
have never in my life done any business with B of A, I assume that
61.242.253.106 is not the bank's DNS and that this is what they call
'phishing'. Am I right?
Yes. I'm surprised thaat you've only recently realised this, as I
believe you've been lurking and posting here for quite some time.
Very transparent for me, maybe less if you really have an account
there.
I can't imagine anyone who's had an email account for more than six
months failing to realise that essentially all such emails are
password-phishing frauds. Therefore I presume that the targets of these
attacks are (a) teenagers operating their first bank-account, and (b)
people who are very new to the internet (do such people exist???). And I
would have thought that most teenagers were already wise to email fraud;
so it beats me how anyone falls sucker to these people.

On a related note: one of my own banks has particularly good online
security, with rather detailed id-checking and so on. And yet they do
regularly send me email, which I don't want (it's nearly always an
attempt to cross-sell me insurance or something), and which therefore
gets mixed-up with my spam. How do they expect people to show the
necessary wariness about unsolicited banking email, and then go ahead
and send *real* unsolicited banking email themselves?

I've told them off about this, and I no longer get these messages; but I
doubt they've extended the coutesy to the rest of their customers.
--
Jack.
http://www.jackpot.uk.net/
C.D. Koger
2007-01-19 21:17:51 UTC
Permalink
Post by Jack
my account with Bank of America. The link provided is
href="http://61.242.253.106/r.htm">http://www.bankofamerica.com/sas/sitekey/
Post by Jack
profile/step1.htm and the promise is "Note: We will be upgrading our
yearly SSL EncryptedServer to prevent fraudulent activity. Since I
have never in my life done any business with B of A, I assume that
61.242.253.106 is not the bank's DNS and that this is what they call
'phishing'. Am I right?
Yes. I'm surprised thaat you've only recently realised this, as I
believe you've been lurking and posting here for quite some time.
I've seen far clumsier attemps than this one. The site itself looks quite
legit, with the proper logo and copyright notice, the only tell tale is the
http. And maybe the veeery slow loading speed of the page when compared with
bankofamerica.com.
It can't be to difficult to apprehend these guys though.
Post by Jack
Very transparent for me, maybe less if you really have an account
there.
I can't imagine anyone who's had an email account for more than six
months failing to realise that essentially all such emails are
password-phishing frauds. Therefore I presume that the targets of these
attacks are (a) teenagers operating their first bank-account, and (b)
people who are very new to the internet (do such people exist???). And I
would have thought that most teenagers were already wise to email fraud;
so it beats me how anyone falls sucker to these people.
People new to the internet do exist. And worse: I want to buy a new car and
tried to contact a local dealer who treated me decently in the past. But
they have no email adress, only phone and fax.....
Post by Jack
On a related note: one of my own banks has particularly good online
security, with rather detailed id-checking and so on. And yet they do
regularly send me email, which I don't want (it's nearly always an
attempt to cross-sell me insurance or something), and which therefore
gets mixed-up with my spam. How do they expect people to show the
necessary wariness about unsolicited banking email, and then go ahead
and send *real* unsolicited banking email themselves?
You are right. My bank sent mail about new new stock funds, but with a 'no
more please' button that really worked. When quiried they said that the
investments dept. is a seperate company with it's own rules.

Cornelis Koger
Post by Jack
I've told them off about this, and I no longer get these messages; but I
doubt they've extended the coutesy to the rest of their customers.
--
Jack.
http://www.jackpot.uk.net/
Loading...