Look at this Bank of America email here. Is it a phish?
No, it’s real. I got this sample from phishing guru Lance James over at Secure Science, and he sums it up quite well:
Ok, BofA, shame on you, this looks like phishy spam to me. Note the link you included:
http://links.em.bankofamerica.com:8083/ct/click?q=6b-8g5ZIHENsxyGOqH8niwc~ynzP6cR
Guess where it lands:
https://www.ehealthinsurance.com/ehi/Alliance?allid=Ban24050&sid=em1How is that supposed to help consumers understand legitimate links and not? This bulk mail can easily be replayed with phishing links.
Banc of America and Bank of America — I’m sure it’s legit, but do your customers know that? And are we sure we know who eHealthInsurance is? How do we know they’re not a spam site, or a malicious site?
And just because your domain is in the email doesn’t make it safe (we’ve proven that already!)
And just to add insult to injury, there is a link in the email that allows you to add other people to the mass-mailing list.
When will they learn?
Alex Eckelberry