Irresponsible Domain Name Management
Posted on May 16, 2012 at 10:20 AM
In this day and age, I fail to understand how a major .com domain registrar can allow an individual claiming a physical address in Germany (and a yahoo.de email address) to register a domain name that includes "bankofamerica". The pattern for the name is "bankofamerica-??.com", where "??" is a two-letter combination.
It allowed a phisher to include the following URL in a message today (two letters disguised by ??):
http://sitekey.bankofamerica-??.com/sas/?signonScreen.do
The URL appeared in the clear in the message body, and the hover-tooltip test showed the very same address, so the usual advice to check where a link really goes offers no protection here. I'm sure a fair number of recipients will short-circuit their wariness upon seeing the "sitekey.bankofamerica" part and never notice that the registered domain is "bankofamerica-??.com", not "bankofamerica.com".
Even if the real BofA gets the domain revoked (it was registered way back earlier this morning), the damage will have been done.
Sheesh.
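To make the point concrete, here is a small Python check I'm adding to this post (it is not part of the original entry). It pulls the registered domain out of a URL and reports when a brand name appears somewhere in the host name but the registered domain is not one the brand actually owns. The brand table, the tiny public-suffix table and the "xy" standing in for the withheld two letters are all my assumptions for the example; a real deployment would load the full Public Suffix List.

```python
"""Flag URLs whose host name merely contains a brand name.

Added example, not code from the original post. The brand table and the
tiny public-suffix table are assumptions for illustration; "xy" stands in
for the two letters withheld in the post.
"""
from urllib.parse import urlsplit

# Constructed: brands and the registrable domains they actually own.
BRAND_DOMAINS = {
    "bankofamerica": {"bankofamerica.com"},
}

# Constructed: minimal public-suffix table (real code uses the full list).
PUBLIC_SUFFIXES = {"co.uk", "com", "net", "org", "de"}


def registrable_domain(host):
    """Return the registrable (apex) domain of a host name, e.g.
    'sitekey.bankofamerica-xy.com' -> 'bankofamerica-xy.com'."""
    labels = host.lower().rstrip(".").split(".")
    # Try the longest public suffix first (co.uk before uk/com).
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return host.lower()


def assess_url(url):
    """Return (verdict, registrable_domain, brand) for a URL.

    verdict is one of:
      'legit'     - the registrable domain is one the brand owns
      'lookalike' - a brand name appears in the host name (hyphens
                    ignored) but the registrable domain is not the
                    brand's own, e.g. bankofamerica-xy.com or
                    www.bankofamerica.com.evil.de
      'unknown'   - no listed brand name appears in the host name
    """
    host = (urlsplit(url).hostname or "").lower()
    apex = registrable_domain(host)
    compact = host.replace("-", "")   # catches bank-of-america.com too
    for brand, owned in BRAND_DOMAINS.items():
        if brand in compact:
            return ("legit" if apex in owned else "lookalike", apex, brand)
    return ("unknown", apex, None)


if __name__ == "__main__":
    for u in (
        "http://sitekey.bankofamerica-xy.com/sas/?signonScreen.do",
        "https://sitekey.bankofamerica.com/sas/signonScreen.do",
        "http://www.bankofamerica.com.evil.de/login",
    ):
        print(assess_url(u), u)
```

The substring match is deliberately crude: it is meant to catch the "sitekey.bankofamerica-??.com" trick and the equally common "bankofamerica.com.evil.tld" trick, not to be a complete brand monitor. Short brand names would need word-boundary handling to avoid false positives.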
Fake AT&T Wireless Bill Notification
Posted on May 14, 2012 at 10:50 AM
If you are an AT&T wireless customer (like me), you probably receive legitimate email notices each month when your wireless bill is ready to be viewed online. I don't keep track of when in the month the notice is sent, so when a notice arrived in my inbox this morning claiming to be from AT&T Customer Care with a Subject: line of "Your AT&T wireless bill is ready to view", I took a peek:
I have a low-end plan (I don't talk much), so my bills are regularly well under $100 per month. Imagine my surprise at the claimed balance of over $1500. The sender hoped I'd be outraged enough to click immediately on the live links to log in to see where all the big charges came from. Unfortunately for the sender, when I see an outrageous email from one of my suppliers, I immediately smell a rat. Before clicking anything, I check the URL of the link (a mouse hover atop the link typically displays a tooltip revealing the actual URL of the link). The links in this email were not going to any AT&T web site, but rather to a hijacked site, which, upon further safe inspection of the content, loads the old obfuscated JavaScript stuff reported many times on this blog as malware loaders.
Other readily visible clues that this message is phony baloney include failure to address the recipient by name and to specify the account number in the first paragraph. It's not easy, however, to remember how each of your vendors addresses you in their regular emails. Most include your name somewhere, but not always.
Further inspecting the innards of the message, I see that the crooks tried to forge the headers to look like the message originated from an AT&T mail server. At the final stage of the header trail, however, the reverse IP address lookup performed by my mail server failed to resolve the connecting address to a domain name. Legitimate AT&T emails to customers also carry a DomainKeys signature, which this message did not.
You have to keep telling yourself (and your friends and neighbors) that when you receive an email message (even from someone you know) that contains anything outrageous, route your adrenalin to your rat-sniffing faculties, not your clicking finger. Clicking a link or opening an attachment in such emails may be the last thing you do with your computer before it — and all your valuable data and login credentials — fall into the hands of Bad Guys.
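For readers who want to automate the checks I walked through above, here is a Python triage script I'm adding to this post (it is not from the original entry). It works on a constructed stand-in for the fake notice, reads the last-hop Received header our own server added, consults a reverse-DNS table in place of a live PTR lookup so it runs offline, looks for a DKIM or DomainKeys signature, and compares every link in the HTML body against the claimed sender's domain. The IP address, host names and the hijacked-site URL are assumptions (203.0.113.0/24 and the .example TLD are reserved for documentation).

```python
"""Header and link checks for a suspected fake billing notice.

Added example, not code from the original post. The message below is a
constructed stand-in for the fake AT&T notice; the IP address, host names,
reverse-DNS table and link target are assumptions.
"""
import email
import email.policy
import re
from urllib.parse import urlsplit

# Constructed message. The topmost Received header is the one our own
# mail server added when the sending host connected; the one beneath it
# is the forged hop claiming the message passed through an AT&T server.
RAW_MESSAGE = b"""\
Received: from mail.att.com (unknown [203.0.113.45])
\tby mx.example.net with ESMTP id 3q1k2e8F
\tfor <customer@example.net>; Mon, 14 May 2012 10:41:02 -0400
Received: from mail.att.com (mail.att.com [203.0.113.45])
\tby mail.att.com with ESMTP; Mon, 14 May 2012 10:40:55 -0400
From: AT&T Customer Care <noreply@att.com>
To: customer@example.net
Subject: Your AT&T wireless bill is ready to view
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii

<html><body>
<p>Your current balance of $1,562.77 is now available to view.</p>
<p><a href="http://hijacked-site.example/att/bill.php">Log in to view your bill</a></p>
</body></html>
"""

# Constructed reverse-DNS table standing in for live PTR lookups.
# None means the lookup returned no name, as it did in the post.
RDNS_TABLE = {
    "203.0.113.45": None,
    "203.0.113.10": "mail.att.com",
}


def last_hop(msg):
    """Return (claimed_helo_name, connecting_ip) from the topmost
    Received header, i.e. the hop our own server observed."""
    received = msg.get_all("Received") or []
    if not received:
        return None, None
    top = str(received[0])
    helo = re.search(r"from\s+(\S+)", top)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
    return (helo.group(1) if helo else None, ip.group(1) if ip else None)


def in_domain(host, domain):
    """True if host is domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def triage(raw, rdns=RDNS_TABLE):
    """Run the checks from the post and return the findings as a dict."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    sender_domain = msg["From"].addresses[0].domain.lower()
    helo, ip = last_hop(msg)
    ptr = rdns.get(ip) if ip else None

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    links = re.findall(r"""href=["']([^"']+)""", content, re.IGNORECASE)
    offsite = [u for u in links
               if not in_domain(urlsplit(u).hostname, sender_domain)]

    return {
        "sender_domain": sender_domain,
        "claimed_helo": helo,
        "connecting_ip": ip,
        "ptr": ptr,
        # A PTR outside the sender's domain is as suspicious as none at all.
        "rdns_consistent": ptr is not None and in_domain(ptr, sender_domain),
        "signed": bool(msg["DKIM-Signature"] or msg["DomainKey-Signature"]),
        "offsite_links": offsite,
    }


def verdict(result):
    """Summarise the findings as a list of human-readable red flags."""
    flags = []
    if not result["rdns_consistent"]:
        flags.append("last hop %s has no reverse DNS in %s"
                     % (result["connecting_ip"], result["sender_domain"]))
    if not result["signed"]:
        flags.append("no DKIM/DomainKeys signature")
    for u in result["offsite_links"]:
        flags.append("link points outside %s: %s" % (result["sender_domain"], u))
    return flags


if __name__ == "__main__":
    for flag in verdict(triage(RAW_MESSAGE)):
        print("RED FLAG:", flag)
```

Note that the script trusts only the topmost Received header: everything below it was supplied by the sender and, as this message shows, can say whatever the crooks like. A missing signature by itself proves nothing (plenty of legitimate senders still don't sign), but from a sender that normally does sign it is a strong tell.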
Fake USPS Notification Ups the Ante
Posted on May 10, 2012 at 09:47 AM
If you are on the same spam/malware delivery email address list that one of my addresses is on, then you've perhaps seen dozens (or hundreds) of phony parcel delivery notifications. Their sole purpose is to get you to install malware, either by clicking on an attached file or visiting a booby-trapped hijacked web site.
The most common ploy the crooks use is to claim the attachment/link contains a copy of the shipping label or other documents — figuring that you'll want to see what goodies have been shipped to you but can't find their way to your door. That's why I got a bit of a chuckle from a message claiming to be from USPS (that's the U.S. Postal Service for those outside of the U.S.):
From: USPS Mail
Subject: Print the postal label
Delivery information,
Our company’s courier couldn’t deliver your parcel.
Status deny: Wrong postal code.
LOCATION:Charlotte
STATUS OF YOUR ITEM: sort order
SERVICE: Standard Shipping
NUMBER OF YOUR PARCEL:U062504390 NU
FEATURES: No
The label of your parcel is enclosed to the letter.
Print your label and show it in the nearest post office of USPS
Important information!
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $13.79 for each day of keeping.
You can find the information about the procedure and conditions of parcels keeping in the nearest office.
Thank you for using our services.
USPS Logistics Services.
[attached file: Label_Parcel_ID9279US.zip]
That's rich! The post office charging for "keeping" a package. The idea here is to encourage the recipient to act now on the attachment to prevent those "charges" from piling up. The message suggests you inquire about those charges at your local post office. I suppose that's one way to entertain the crowd of people in line behind you.
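Since the whole point of this message is the attached ZIP, here is a Python attachment-triage routine I'm adding to this post (it is not from the original entry). The post doesn't show what Label_Parcel_ID9279US.zip actually contained, so the archive built in the example is a constructed stand-in holding a PE stub named to look like a PDF; the file name and contents are assumptions. The routine lists every member and flags executable extensions, a document extension hiding a second executable extension, a PE header, and nested archives, reading only the first bytes of each member rather than extracting anything.

```python
"""Triage a ZIP email attachment without extracting it.

Added example, not code from the original post. The page does not show
what the attached Label_Parcel_ID9279US.zip contained; the archive built
by build_sample_zip() is a constructed stand-in.
"""
import io
import zipfile

# Extensions Windows will execute when double-clicked.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "js", "jse", "vbs", "vbe",
    "wsf", "hta", "jar", "lnk", "msi", "ps1",
}
# Innocent-looking extensions crooks put in front of the real one.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "txt", "jpg", "png"}


def classify_member(name, head):
    """Return the list of reasons a ZIP member looks dangerous.

    `name` is the member path inside the archive; `head` is the first few
    bytes of its content (enough for the magic-number checks)."""
    reasons = []
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    exts = parts[1:]
    if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append("executable_extension")
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS:
        # e.g. label.pdf.exe shows as "label.pdf" when extensions are hidden
        reasons.append("document_extension_disguise")
    if head.startswith(b"MZ"):
        reasons.append("pe_header")          # Windows executable, whatever the name
    if head.startswith(b"PK\x03\x04"):
        reasons.append("nested_archive")     # archive inside the archive
    return reasons


def triage_zip(data):
    """Inspect every file in an in-memory ZIP and return
    {member_name: [reasons]} for members that raise at least one flag."""
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)   # only the magic bytes, never the whole file
            reasons = classify_member(info.filename, head)
            if reasons:
                flagged[info.filename] = reasons
    return flagged


def build_sample_zip():
    """Constructed stand-in for the attachment in the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Looks like a PDF in a file browser that hides known extensions,
        # but starts with the PE/DOS "MZ" header (stub bytes only).
        zf.writestr("Label_Parcel_ID9279US.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("README.txt", b"Print this label and show it at USPS.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in triage_zip(build_sample_zip()).items():
        print(member, "->", ", ".join(reasons))
```

The magic-number check matters more than the extension checks: a member called "Label.pdf" that begins with "MZ" is still an executable, and a member whose name ends in ".exe" but begins with "PK" is another archive to unpack and look at before deciding anything.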