Bank of America: Phishing emails bypassed the mail security

July 7, 2020
phishing emails bank of america antiphishing phishing solutions

Experts still consider phishing as the most commonly used attack on the organization, and it tops all online surveys. Out of the 2,109 organizations recently hit by a cyberattack, over half were victims of phishing. Phishing is still the most widespread cyberattack in all countries except for Colombia, where it was the second most common threat. How significant are these figures to any organization? Well, this only shows that hackers never runs out of ideas and even outsmarted even the trickiest technology available. The primary goal is to get you to enter your personal or financial information.


Factors why the phishing emails went through

Other actors could also copy successful endeavor then passed to other actors and so on. This recent campaign used Bank of America as a way to bypass security controls despite obvious phishing clues. It leaves us one question in mind, Why was this attack successful?


  1. The email was not a bulk email. Few people are targeted and opt to receive the phishing mail. Meaning that the email was not caught by Microsoft email security in a bulk email message in the mass email filters native to the app or the Secure Email Gateway (SEG).
  2. For the apparent reason, Bank of America was impersonated; the email sent from Yahoo account via SendGrid. The action resulted in the passing of SPF, DKIM, and DMARC email authentication, policy, and reporting protocol that is all natively inherited.
  3. The attackers created a new domain for the email link, so it got past any filters that were designed to block known bad relationships, including a phishing login page that resembles the Bank of America landing page.
  4. Security challenge questions added legitimacy to this phishing email. This tactic much-added authenticity of the attack in the eyes of the readers, because Bank of America also asks for security question upon login by default. Baiting through this attack chain, actors would gain access to their account credentials and security question details.
  5. Unlike spray-and-pray email fraud attempts, the sample email was expressly created by the attackers and sent to trigger the required response. The sender name impersonated Bank of America, making the email likely to get past eye tests when people glanced through it amidst hundreds of other emails in their overflowing mailboxes.


How was the attack detected?

1. Language, intent, and tone

2. Brand Impersonation

3. Low communication history, and

4. Low domain frequency.

About the author

Leave a Reply