Bank of America Online - The Bank of America website was down for nearly an hour on Tuesday morning and is still experiencing problems. The site, where customers can conduct banking functions, was first down around 9 am Tuesday. The bank's Twitter account had many messages about the problems.
The web site was back up around 10:20 am, but was down again around 11:15 am. and there was a message on the site about an outage.
This recent outage is just 6 weeks after a severe problem hit the website on Jan. 14. Then, the site was down for nearly the entire day and sparked coverage from CNN and the Wall Street Journal.
Customers were also upset in the January outage and there was a torrent of Tweets and comments from customers about the issue.
On Tuesday, the bank acknowledged the issue on the site and responded to various customers on their Twitter "help" page.
The bank said that Merrill Lynch accounts would likely not be affected. They also sent users to a list of Bank of America branch locations.
Donbot botnet generates Bank of America phishing scam
A threat analyst with M86 Security claims that, whilst phishing attacks against bank customers are nothing new, his research team has observed the Donbot botnet generating volumes of spam against Bank of America online account users.
This is one of the first observed cases where a botnet has been used to generate dynamic bank account phishing spam, Infosecurity notes, as whilst low-level botnets have been used to generate so-called pharma spam, the addition of financial scamming to the mix is a new move.
According to Rodel Mendrez, the phishing spam requires recipients to download the attachment and fill out a form for an 'online security measure.'
In the email sample shown in his security blog, Mendrez notes that the attachment - BillingVerification.exe - is a self-extracting WINRAR archive that contains an HTML phishing form.
The M86 Security researcher went on to say that a couple of files on the server contained sensitive information, such as IP addresses, credit card info, social security numbers, challenge questions & answers, online banking IDs and the passwords of those who had been deceived by this phishing campaign.
No comments:
Post a Comment