Fake Bank of America Twitter Feed Leads to Phishing Page

Over the last day or so, a Twitter feed claiming to be a support channel for Bank of America has been sending links and messages to anybody having issues with their accounts.

Here’s the dubious BoA Twitter account in question:

Twitter Feed

The message reads as follows:

Dear customer, as part of our security measures against fraud, we recommend all our customers perform a security check on their account now. Log in via our secured area [url removed] to secure your account. Thank you.

In most cases, they direct people to a URL where they can supposedly fix their problems, which is

sclgchl1(dot)eu(dot)pn/index(dot)html

They’ve also been seen asking for credentials directly via DM (Direct Message).

They appear to be using that classic Twitter phishing technique: look for people sending help messages to an official account, then inject themselves into the conversation.

Conversation crasher

Here’s a sample list of messages they’ve been sending to BoA customers:

Twitterstorm

Some things to note: the Twitter account is not verified, and the page collecting personal information is not secured with HTTPS, which is never a good sign where sending banking credentials to someone is concerned. If you land on their page with JavaScript disabled, you’ll be asked to switch it on again:

Switch Javascript back on

The page resembles a Bank of America login page, and says:

As part of our security measures to protect your account against fraud and scam activities. You need to pass through our security verification protocols to view your account. Please bear with us. Thank you.

The site asks for the following information: Online ID, Passcode, Account Number, Complete SSN or Tax Identification Number and Passcode. Once all of this information is entered, the victim is redirected to the real Bank of America website.

At time of writing, the site is being flagged by Chrome for phishing:

Chrome phishing warning

We’ve also spotted another page on the same domain which looks like a half-finished Wells Fargo “Security Sign On” page:

Wells Fargo page

We advise customers of BoA to be very careful where they’re sending account credentials – note that the official BoA Twitter feed has a Verified icon, and that small but crucial detail could make all the difference where keeping your account secure is concerned.
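The checks described above (no HTTPS, a host that has nothing to do with the bank) can be automated when triaging links sent by "support" accounts. This is an added example, not part of the original post; the `OFFICIAL_DOMAINS` allowlist and the function names `refang` and `triage_link` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains the bank really uses; adjust for your organisation.
OFFICIAL_DOMAINS = {"bankofamerica.com"}


def refang(text):
    """Undo the (dot)/[.] defanging used when reporting suspicious links."""
    for token in ("(dot)", "[dot]", "[.]", "(.)"):
        text = text.replace(token, ".")
    return text.replace("hxxp", "http").strip()


def triage_link(link, official=OFFICIAL_DOMAINS):
    """Return a list of reasons a 'support' link should not be trusted."""
    url = refang(link)
    had_scheme = "://" in url
    # Without a scheme, prefix "//" so urlsplit still parses the host.
    parts = urlsplit(url if had_scheme else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if not had_scheme:
        reasons.append("no scheme given, so HTTPS is not guaranteed")
    elif parts.scheme.lower() != "https":
        reasons.append("not served over HTTPS")
    # Match whole labels from the right, so bankofamerica.com.example.eu fails.
    if not any(host == d or host.endswith("." + d) for d in official):
        reasons.append("host %r is not an official domain" % host)
    if parts.username or parts.password:
        reasons.append("credentials embedded in URL")  # user@host trick
    return reasons


if __name__ == "__main__":
    samples = [
        "sclgchl1(dot)eu(dot)pn/index(dot)html",    # URL quoted in the post
        "https://www.bankofamerica.com/",           # constructed: official host
        "https://bankofamerica.com.login.example/", # constructed: lookalike
    ]
    for s in samples:
        print(s, "->", triage_link(s) or "no red flags from these checks")
```

An empty result only means these particular checks passed; it does not prove that a link is legitimate.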

Christopher Boyd (Thanks to Jovi for additional research)
