Understanding Phishing Scams…first hand!

In General, Security by Michael Sheehan

This is my PSA (Public Service Announcement) for the week and it is about something pretty scary…Phishing Scams. Several years ago, I was a victim of identity theft. It was not a pleasant experience but it left me wiser and more cautious. It was done the old-fashioned way of swiping some receipts and looking up some account information (local retailer). Nowadays, identity thieves have become much better in their “art.” I have first-hand experience now…but I wasn’t a victim.

So, here is what happened, I received the following email:

Bank of America Phishing email
It looked much more legit than others that I have seen. There were no huge grammatical errors or spelling errors (although the writing was pretty bad). So, I figured that I would check to see if Bank of America had shut down the site yet. To my surprise, they hadn’t! Thus, it became my mission to document this as a warning for others.

So, using Safari (because I have no faith in using Internet Explorer for things like this because of ActiveX installers and such), I went to the site and documented it. It looks identical to the current Bank of America site, and all of the links (with the exception of the login section in the upper left) were valid. Here is what it looked like:

Bank of America Phishing screen #1

Take a look at the URL and the domain [http://debitcc.bankofamerica.uo-s.com/secure/].

Note: 6/15/09 – I have been contacted by the owner of the domain who has asked that I remove his contact information. Since this post was written almost 3 years ago, things have changed so I am removing the personal details from the WHOIS lookup. Also, the domain expired a couple of years ago. My apologies for any inconvenience that this may have caused. It is, however, important to thoroughly investigate the hosting provider and domain registrar that you eventually choose. It sounds like the original owner was taken advantage of and his name potentially blemished through the acts of a 3rd party. Do note that it was not my intent to blame people, my goal with this site has always been to educate. So, from a point of education, 1) research those hosters/registrars and 2) be careful when accessing financial institution sites when clicking through emails.


Doing a WHOIS on that domain gets me this:

Registrant:
XXX XXXX
XXXXXXXX
XXXXX, XXXXXXXX
Latvia

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: UO-S.COM
Created on: 22-May-06
Expires on: 22-May-07
Last Updated on: 16-Jun-06

Administrative Contact:
XXXXXX, XXXX  [email protected]
XXX XXXX
XXXXXXXX
XXXXX, XXXXXXXX
Latvia
#########

Technical Contact:
XXXXXX, XXXX  [email protected]
XXX XXXX
XXXXXXXX
XXXXX, XXXXXXXX
Latvia
#########

Domain servers in listed order:
DNS2.CHARGERTEK.COM
DNS3.CHARGERTEK.COM

Hmmm. I don’t think that Bank of America is located in LATVIA! So, I went on to put in some fake information in the login screen and got to the screen that captures ALL the critical “identity theft” information. Take a look at this screenshot (click to view):
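The checks above were done by eye: read the real registrable domain out of the URL, then look at the WHOIS record for a fresh registration and a registrant that does not match the bank. As an added example (not code from the original post), here is the same triage written in Python so it can be run over any suspicious link and WHOIS text. It assumes bankofamerica.com is the bank's genuine domain and that the bank is based in the United States; the WHOIS text is the (already redacted) record quoted above, and the lookup date is taken from its "Last Updated on" field. The registrable-domain logic is a deliberate simplification (last two labels) and would need the Public Suffix List for domains such as example.co.uk.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Assumption: the brand's own registrable domain(s) and home country.
BRAND_DOMAINS = {"bankofamerica.com"}
BRAND_COUNTRY = "United States"

# The phishing URL quoted in the post.
PHISH_URL = "http://debitcc.bankofamerica.uo-s.com/secure/"

# Constructed sample: the redacted WHOIS record from the post, trimmed to the
# registrant block, the date fields and the name servers.
WHOIS_SAMPLE = """\
Registrant:
XXX XXXX
XXXXXXXX
XXXXX, XXXXXXXX
Latvia

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: UO-S.COM
Created on: 22-May-06
Expires on: 22-May-07
Last Updated on: 16-Jun-06

Domain servers in listed order:
DNS2.CHARGERTEK.COM
DNS3.CHARGERTEK.COM
"""

# Assumption: date of the lookup, taken from the record's "Last Updated on" field.
AS_OF = datetime(2006, 6, 16)


def registrable_domain(host):
    """Return the last two labels of a hostname (simplified: no public-suffix handling)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def lookalike_report(url, brand_domains=BRAND_DOMAINS):
    """Flag a URL whose hostname contains a brand name but is registered elsewhere."""
    host = urlparse(url).hostname or ""
    reg = registrable_domain(host)
    report = {"host": host, "registrable": reg, "suspicious": False, "reason": ""}
    if reg in brand_domains:
        report["reason"] = "registrable domain is the brand's own"
        return report
    for brand in brand_domains:
        label = brand.split(".")[0]
        if label in host:
            report["suspicious"] = True
            report["reason"] = f"'{label}' appears in the hostname but the registrable domain is {reg}"
            return report
    report["reason"] = "no brand name in hostname"
    return report


def parse_whois(text):
    """Pull the date and name fields out of a GoDaddy-style WHOIS dump."""
    fields = {}
    for key in ("Domain Name", "Created on", "Expires on", "Last Updated on"):
        m = re.search(rf"^{re.escape(key)}:\s*(.+)$", text, re.M)
        if m:
            fields[key] = m.group(1).strip()
    return fields


def registrant_country(text):
    """The last line of the Registrant block is the country in this record format."""
    m = re.search(r"^Registrant:\n((?:.+\n)+)", text, re.M)
    return m.group(1).strip().splitlines()[-1].strip() if m else None


def domain_age_days(fields, as_of):
    created = datetime.strptime(fields["Created on"], "%d-%b-%y")
    return (as_of - created).days


def registration_term_days(fields):
    created = datetime.strptime(fields["Created on"], "%d-%b-%y")
    expires = datetime.strptime(fields["Expires on"], "%d-%b-%y")
    return (expires - created).days


def assess(url, whois_text, as_of, max_age_days=90, brand_country=BRAND_COUNTRY):
    """Combine the URL and WHOIS signals into a list of human-readable flags."""
    flags = []
    rep = lookalike_report(url)
    if rep["suspicious"]:
        flags.append(rep["reason"])
    fields = parse_whois(whois_text)
    age = domain_age_days(fields, as_of)
    if age < max_age_days:
        flags.append(f"domain registered only {age} days before the lookup")
    if registration_term_days(fields) <= 366:
        flags.append("domain registered for the minimum one-year term")
    country = registrant_country(whois_text)
    if country and country != brand_country:
        flags.append(f"registrant country is {country}, not {brand_country}")
    return flags


if __name__ == "__main__":
    for flag in assess(PHISH_URL, WHOIS_SAMPLE, AS_OF):
        print("-", flag)
```

Running it against the post's URL and record produces four flags: the brand name sits in a subdomain of uo-s.com, the domain was 25 days old, it was registered for a single year, and the registrant is in Latvia. None of these alone proves fraud, but together they are exactly the pattern the post describes, and the same function returns no flags for https://www.bankofamerica.com/ when paired with a record for the bank's own domain.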

Bank of America Phishing screen #2

Clicking submit sends all of your confidential information off to the scammer! See success screenshot below:

Bank of America Phishing screen #3

So, I just figured that I would post this so that you know to be sure to never click through links sent in emails but rather go directly through your web browser. Be careful!!! I have reported this to Bank of America…so the site will hopefully be taken down soon.