Select Page

Look at this Bank of America email here.  Is it a phish? 

No, it’s real.  I got this sample from phishing guru Lance James over at Secure Science, and he sums it up quite well:

Ok, BofA, shame on you, this looks like phishy spam to me. Note the link you included:

http://links.em.bankofamerica.com:8083/ct/click?q=6b-8g5ZIHENsxyGOqH8niwc~ynzP6cR

Guess where it lands:
https://www.ehealthinsurance.com/ehi/Alliance?allid=Ban24050&sid=em1

How is that supposed to help consumers understand legitimate links and not? This bulk mail can easily be replayed with phishing links.

Banc of America and Bank of America — I’m sure it’s legit, but do your customers know that? And are we sure we know who eHealthInsurance is? How do we know they’re not a spam site, or a malicious site?

And just because your domain is in the email doesn’t make it safe (we’ve proven that already!)

And just to add insult to injury, there is a link in the email that allows you to add other people to the mass-mailing list.

When will they learn?

Alex Eckelberry


Fatal error: Uncaught wfWAFStorageFileException: Unable to save temporary file for atomic writing. in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:34 Stack trace: #0 /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(658): wfWAFStorageFile::atomicFilePutContents('/home/eckelberr...', '<?php exit('Acc...') #1 [internal function]: wfWAFStorageFile->saveConfig('livewaf') #2 {main} thrown in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 34