Is this a Bank of America Clone?
A client called in and had me connect to their machine today to check out what appears to be a phishing screen.
He says normally, he signs in with his username, and then is presented with the Sitekey screen.
Instead of the site key, he gets the screen shown in the attachment.
Clearly, this looks like a phishing scheme. He printed out the page and took it into the bank, and they told him that it wasn't a legit page.
Looks like a phishing page to me, except:
1. Symantec found nothing.
2. Malwarebytes found nothing.
3. Host file is intact.
4. The SSL certificate has been verified in IE8 and Firefox, and is a Verisign certificate.
I advised him not to put in his information.
Is this a legit screen? If not, how do I find what is doing the EXTREMELY good redirect?
boa-phishing.png
He says normally, he signs in with his username, and then is presented with the Sitekey screen.
Instead of the site key, he gets the screen shown in the attachment.
Clearly, this looks like a phishing scheme. He printed out the page and took it into the bank, and they told him that it wasn't a legit page.
Looks like a phishing page to me, except:
1. Symantec found nothing.
2. Malwarebytes found nothing.
3. Host file is intact.
4. The SSL certificate has been verified in IE8 and Firefox, and is a Verisign certificate.
I advised him not to put in his information.
Is this a legit screen? If not, how do I find what is doing the EXTREMELY good redirect?
boa-phishing.png
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Combofix would be good to start with, in case of a good "hidden" redirect
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
please ask the client to make a screencopy of the certificate issuer.
See the remarks on my screen-shot
13.02.png
See the remarks on my screen-shot
13.02.png
ASKER
IE was a bad boy.... clearing everything fixed it.
Thanks, and I am pleased it is resolved. ... Thinkpads_User
I don't trust the end result pages, but look at the link he clicked on to bring this up.
Worst comes to worse, just go to Bank of America home page manually, then login from there.
If he already has an account, it should "not" be asking for this information again.
Have him open up a new web browser window, and go to the bank of america home page then login from there to see if he gets the same message.