Earlier this month, Armorblox discovered phishing attacks targeting Bank of America customers, in which scammers contacted customers and asked them to update their email addresses. The email notification contained a malicious link that, once clicked, redirected to a page designed to look like a replica of the BoFA login page.
The domain is controlled by the attackers for the sole purpose of collecting the personal information of BoFA customers, which they obtain once people enter their details in the fields provided.
Armorblox also reported that the emails were sent from a personal Yahoo email account through SendGrid. Notably, the messages were dispatched in small batches, which allowed them to bypass Microsoft security tools.
Surprisingly, the domain used to conduct this scam is fairly new. It was created on June 1, and the page it hosts uses multiple design elements from other BoFA sites.
“Upon closer inspection, it’s evident that the domain is not owned and hosted by Bank of America,” according to the report. “The domain – nulledco[.]store – was created on June 1. The screenshot below shows the certificate’s common name for the webpage, which is nulledco[.]store and not Bank of America.”
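The two checks the report describes (certificate name versus the claimed brand, and domain age) can be automated when triaging a reported link. The following is an added example, not code from Armorblox or the report; the brand allowlist, the 30-day threshold, the URL path, the year and the function names are assumptions.

```python
from datetime import date
from urllib.parse import urlsplit

# Assumption: domains the organisation treats as genuinely Bank of America.
BRAND_DOMAINS = {"bankofamerica.com"}
MAX_NEW_DOMAIN_DAYS = 30  # assumed threshold for "fairly new"

def refang(text):
    """Undo common defanging so the URL can be parsed."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def belongs_to(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def cert_names(cert):
    """Collect commonName and DNS subjectAltName entries from a dict
    shaped like the result of ssl.SSLSocket.getpeercert()."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn
             if k == "commonName"]
    names += [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return names

def triage(url, cert, created, seen):
    """Return the reasons a link claiming to be the brand looks wrong."""
    findings = []
    host = urlsplit(refang(url)).hostname or ""
    if not belongs_to(host, BRAND_DOMAINS):
        findings.append("host-not-brand:" + host)
    if not any(belongs_to(n.lstrip("*."), BRAND_DOMAINS)
               for n in cert_names(cert)):
        findings.append("cert-not-brand")
    age = (seen - created).days
    if 0 <= age <= MAX_NEW_DOMAIN_DAYS:
        findings.append("new-domain:%dd" % age)
    return findings

# Constructed sample: the domain is from the report; the path, the year
# and the date the email was seen are made up for illustration.
PHISH_DOMAIN = refang("nulledco[.]store")
SAMPLE_URL = "hxxps://nulledco[.]store/login"
SAMPLE_CERT = {"subject": ((("commonName", PHISH_DOMAIN),),),
               "subjectAltName": (("DNS", PHISH_DOMAIN),)}

if __name__ == "__main__":
    print(triage(SAMPLE_URL, SAMPLE_CERT, date(2020, 6, 1), date(2020, 6, 15)))
```

The suffix match requires a leading dot, so a host that merely embeds the brand name in a subdomain of another domain is still flagged.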