Shostack + Friends Blog Archive


Friday Phish Blogging: Bank of America

Today’s Friday Phish blogging comes to you pretending to be from Bank of America:

It appears here in our system that you or a wrong person is usually trying to log into your account, in nine differnt occasions have you or (person) provided us a nearly correct answer to your site-key
challenging question, of which by what we are seeing here, the person is missing only one answer from the question we have here as your site-key answers. To avoid the suspension of your online access,you are
required to log on to your account to update the account,as another log in error will lead to the suspension of your account. Log in here sign in to Online Banking for quick updating.

Some quick notes:

  • “9 differnt [sic] occasions” Some people have suggested that your bank tell you this. It’s a great geeky feature, but perhaps has bad usability effects.
  • Notice how they throw in mention of SiteKey? Notice how ‘Site-key’ [sic] is confused with annoying security questions? (Site key is instead the annoying ‘cookies-and-javascript will make you secure’ thing.)

Fresh fish photo from Eye

One comment on "Friday Phish Blogging: Bank of America"

  • jonny12 says:

    [Adam Adds: would you check out what this ass inserted?]
    (script src=>jonny19(/script)
