I totally almost fell into this scam. I use my online Bank of America account avidly every day for my business and personal.
I entered in my username and my mother’s middle name…then it took me to the login screen. For those who don’t know, BoA has a login screen where you have to verify a picture that you chose for extra security. Anyway, the picture didn’t load, it acted as if it was taking a moment and I started entering my password in, just by force of habit.
That’s when I happened to look up at the URL and saw a http://… not a https://
I would have been totally fucked if I would have entered my password. So instead, I entered “FUCK YOU” for my password and everything else (as you can see) and of course, everything went through just fine as if it was all correct.
JUST A HEADS UP…BE AWARE. I feel I am usually really good at identifying these sorts of scams, but was almost had.
Soo. A spoofed email? I see the same picture three times.
What’s the reply-to?
You do realize http and https are essentially the same thing… https is secure whereas http is not… the domain is the important part. bankofamerica.com
EVERY TIME I get any email from banks, cards, eBay, etc… and they have a “new alert” or “message” with a link to login, I pop open a new browser & type in the URL.
Some good rules to follow when it comes to banking emails.
Your bank will never email you asking to update your information.
Never click on a link sent to you in an email claiming to be your bank. Open your browser window and go to the address yourself.
I’ve seen much better scammer emails than the one you got. One of them even managed to overlay an image in the address bar with the real https address so it looked 100% legit. The only way you could see it was an overlay was to drag the browser window around the screen and the overlay couldn’t quite keep up, revealing the bogus address under it. As soon as you stopped moving the window the overlay would snap right back into perfect position. We spent half a day trying to figure out how the hell the scammer did it because we were impressed. Impressed in that, “wow, that’s evil as hell but I have to give you credit for the effort you put in” kind of way.
That’s the very first thing I noticed about the screenshots. I always make sure I examine the URL before entering any info. It’s force of habit for me now.