Anti-Phishing Blog


Tuesday, September 15, 2009

A Closer Look at One Spam Message




Let's take a few moments to examine spam. You can see by the image above that Bank of America sent a warning that my account had several logon attempts. This specific message was sent to "undisclosed-recipients" and starts with "Dear member." I knew immediately it was spam as I don't bank there, but why wouldn't they address it to me if it were on my account? My bank knows who I am. That was a pretty good giveaway. But let's look at the source of the message.




When this is put in the Junk Email folder in Outlook, you can see that the Bank of America image was linked to a valid image, but the security symbol was linked from USAA, a competitor of Bank of America. The message is short and sweet, and the link it sends the receiver to does not go to a bank domain at all: http://racheljohns.com/Bankofamerica.com/Online/index.html. The bank's name appears only in the path; the host is racheljohns.com. Rachel Johns was likely a victim, with part of her site hijacked by the spammer. The link is a forgery, although racheljohns.com is accessible.
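The giveaways walked through above (no named recipient, a generic greeting, a link whose host is not the bank's while its path carries the bank's name, and an image pulled from another organisation's site) can be checked mechanically. The following is an added example, not part of the original post: the sample message is constructed (its sender address and image URLs are placeholders), and `registered_host`, `is_foreign` and `phishing_indicators` are hypothetical helper names. It goes slightly beyond the post by also matching "Dear customer" and "Dear user".

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample modelled on the message described in the post.
# Sender address and image URLs are placeholders; only the link is from the post.
SAMPLE = """\
From: Bank of America <alerts@example.invalid>
To: undisclosed-recipients:;
Subject: Multiple logon attempts
Content-Type: text/html

<p>Dear member,</p>
<img src="http://www.bankofamerica.com/logo.gif">
<img src="http://www.usaa.com/secure.gif">
<a href="http://racheljohns.com/Bankofamerica.com/Online/index.html">Sign in</a>
"""

def registered_host(url):
    """Lowercased hostname without a leading 'www.' (naive, no public-suffix list)."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def is_foreign(host, brand_domain):
    """True when host is neither the brand's domain nor one of its subdomains."""
    return host != brand_domain and not host.endswith("." + brand_domain)

def phishing_indicators(raw, brand_domain):
    """Return the indicators from the post that are present in a raw HTML mail."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part message: payload is the HTML string
    found = []
    if "undisclosed-recipients" in (msg.get("To") or "").lower():
        found.append("no named recipient")
    if re.search(r"dear\s+(member|customer|user)\b", body, re.I):
        found.append("generic greeting")
    for url in re.findall(r'href="([^"]+)"', body, re.I):
        host, path = registered_host(url), urlparse(url).path.lower()
        if is_foreign(host, brand_domain) and brand_domain in path:
            found.append(f"brand name in path of foreign host {host}")
    for url in re.findall(r'<img[^>]+src="([^"]+)"', body, re.I):
        host = registered_host(url)
        if is_foreign(host, brand_domain):
            found.append(f"image hotlinked from {host}")
    return found
```

Calling `phishing_indicators(SAMPLE, "bankofamerica.com")` reports all four indicators; a message addressed to a named recipient with links only to the bank's own domain returns an empty list.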

If your customers get a message like this, they should know how and where to contact you. Your bank should have a process that not only reacts to a threat like this to stop it, but also reassures your customers of your safety and that of their accounts with you.
