
Look at this Bank of America email here.  Is it a phish? 

No, it’s real.  I got this sample from phishing guru Lance James over at Secure Science, and he sums it up quite well:

Ok, BofA, shame on you, this looks like phishy spam to me. Note the link you included:

http://links.em.bankofamerica.com:8083/ct/click?q=6b-8g5ZIHENsxyGOqH8niwc~ynzP6cR

Guess where it lands:
https://www.ehealthinsurance.com/ehi/Alliance?allid=Ban24050&sid=em1

How is that supposed to help consumers understand legitimate links and not? This bulk mail can easily be replayed with phishing links.

Banc of America and Bank of America — I’m sure it’s legit, but do your customers know that? And are we sure we know who eHealthInsurance is? How do we know they’re not a spam site, or a malicious site?

And just because your domain is in the email doesn’t make it safe (we’ve proven that already!)

And just to add insult to injury, there is a link in the email that allows you to add other people to the mass-mailing list.

When will they learn?

Alex Eckelberry
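
The mismatch described above can be caught before a campaign is sent. The following is an added example, not part of the original post or of any Bank of America tooling: it audits one link against the sender's domain, using the two URLs quoted above. The function names, the finding labels, the two-label domain heuristic, and passing the landing URL in as a recorded value (nothing is fetched) are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# URLs as quoted in the post; the landing URL is supplied as recorded,
# this script makes no network requests.
LINK = "http://links.em.bankofamerica.com:8083/ct/click?q=6b-8g5ZIHENsxyGOqH8niwc~ynzP6cR"
LANDING = "https://www.ehealthinsurance.com/ehi/Alliance?allid=Ban24050&sid=em1"
SENDER_DOMAIN = "bankofamerica.com"  # assumed From: domain of the mail


def org_domain(host):
    """Approximate the registrable domain as the last two labels.

    Assumption: good enough for .com names; production code should
    consult the Public Suffix List (co.uk and similar break this).
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def audit_link(sender_domain, link, landing):
    """Return findings that make a legitimate link look like a phish."""
    first, last = urlsplit(link), urlsplit(landing)
    findings = []
    if first.scheme != "https":
        findings.append("link-not-https")
    if first.port not in (None, 80, 443):
        findings.append("nonstandard-port")
    if org_domain(first.hostname) != org_domain(sender_domain):
        findings.append("link-domain-differs-from-sender")
    if org_domain(last.hostname) != org_domain(first.hostname):
        findings.append("lands-on-third-party-domain")
    return findings


if __name__ == "__main__":
    for finding in audit_link(SENDER_DOMAIN, LINK, LANDING):
        print(finding)
```
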