posted by chromas on Friday June 19 2020, @10:33PM

BofA Phish Gets Around DMARC, Other Email Protections:

A credential-phishing campaign that impersonates Bank of America has emerged in the U.S. this month, with emails that get past secure email gateways and heavier-weight protections such as DMARC.

The campaign involves emails that ask recipients to update their email addresses, warning users that their accounts could be recycled if this isn’t done.

“The email language and topic was intended to induce urgency in the reader owing to its financial nature,” according to analysis from Armorblox. “Asking readers to update the email account for their bank lest it get recycled is a powerful motivator for anyone to click on the URL and follow through.”

The messages contain a link that purports to take visitors to a site to update their information – but clicking the link simply takes the recipients to a credential-phishing page that closely mirrors a legitimate Bank of America home page, researchers said.

The attack flow also included a page that asked readers for their ‘security challenge questions’, both to increase the apparent legitimacy of the site and to harvest further identifying information from targets, researchers said in a posting on Thursday.

“With the enforcement of Single Sign On (SSO) and two-factor authentication (2FA) across organizations, adversaries are now crafting email attacks that are able to bypass these measures,” Chetan Anand, co-founder and architect of Armorblox, told Threatpost. “This credential-phishing attack is a good example. Firstly, it phishes for Bank of America credentials, which are likely not to be included under company SSO policies. Secondly, it also phishes for answers to security-challenge questions, which is often used as a second/additional form of authentication. Asking security-challenge questions not only increases the legitimacy of the attack, but also provides the adversaries with vital personal information about their targets.”


by RandomFactor (3682) on Friday June 19 2020, @11:27PM (#1010196)

    The analysis is accurate but already outdated.

    That campaign is not restricted to Sendgrid (other senders are in play), nor is it restricted to sending from pwned/created consumer email accounts as look-alike domains have been employed in the hdr.from as well.

The bit about sending only a handful to each recipient domain is probably the most significant bit. However, it is not a new approach, nor especially effective against larger filters that 'see' a lot more than one recipient customer/domain's traffic.

    --
There is no news in Pravda, and no truth in Izvestia
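Two checks a receiving gateway can combine, written here as an added Python example that is not code from the article, Armorblox or the commenter: DMARC identifier alignment as RFC 7489 defines it, which a look-alike sender domain with its own SPF/DKIM records passes cleanly, next to a look-alike test against a protected brand domain, which is what actually catches a spoofed `hdr.from`. The protected-domain list, the two-label organizational-domain shortcut and the substitution table are assumptions made for the example.

```python
from typing import Optional
PROTECTED = {"bankofamerica.com"}  # brand domains to watch; constructed list for this example

def org_domain(domain: str) -> str:
    # Crude organizational domain (last two labels); real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_aligned(header_from: str, spf_domain: Optional[str],
                  dkim_domain: Optional[str], relaxed: bool = True) -> bool:
    # RFC 7489 identifier alignment: RFC5322.From must match the SPF-authenticated
    # domain or the DKIM d= domain (relaxed mode: same organizational domain).
    hf = header_from.lower()
    for auth in (spf_domain, dkim_domain):
        if auth and (auth.lower() == hf or
                     (relaxed and org_domain(auth) == org_domain(hf))):
            return True
    return False

def skeleton(name: str) -> str:
    # Fold digit and letter-pair substitutions so look-alike labels collapse onto the brand.
    name = name.lower().translate(str.maketrans("01345", "olaes"))
    return name.replace("rn", "m").replace("vv", "w").replace("-", "")

def edit_distance(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))  # Levenshtein DP, one row at a time
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(header_from: str) -> Optional[str]:
    # Brand whose name the sender domain imitates, or None for the real brand / unrelated senders.
    hf = header_from.lower()
    if org_domain(hf) in PROTECTED:
        return None
    for brand in PROTECTED:
        label = brand.split(".")[0]
        if label in skeleton(hf) or edit_distance(skeleton(org_domain(hf).split(".")[0]), label) <= 1:
            return brand
    return None

def classify(header_from: str, spf_domain: Optional[str], dkim_domain: Optional[str]) -> str:
    # Gateway verdict: DMARC alone passes a correctly signed look-alike domain, so check both.
    if not dmarc_aligned(header_from, spf_domain, dkim_domain):
        return "dmarc-fail"
    brand = lookalike_of(header_from)
    return f"lookalike:{brand}" if brand else "ok"
```

A direct spoof of the brand domain sent through an unaligned relay fails DMARC, while a registered look-alike domain that authenticates itself passes DMARC and is only flagged by the second check.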