Has your US Bank account been compromised by outside parties? - Not this time,
its a scam ...
This spoof email appears to
take the form of a text email with a link (see image below),
but it is an html email which contains a cloaked link - one which is
disguised to look like it will take you to the genuine US
but will instead take you to a forged page.
This scam also exploits a very serious bug in
Internet Explorer browsers which allows the URL (site address
shown in the browser address bar) to be spoofed. This means that if you
use that link, Internet Explorer browsers will open the forged page that
it points to, but with the URL shown as http://www.usbank.com (see
image below). However, the true URL is http://bos.es.kr/ which
traces back to a Korean school - Daejeon Boseong Elementary School.
This bug has been increasingly exploited by email scammers
of late, and we eagerly await a patch from Microsoft. The vulnerability
can also allow a fake URL to be shown in the status bar of Microsoft Outlook
and browser products (while holding the cursor over the cloaked link).
We have set up a Browser
Test cloaked link which you can use to see if your browser is
vulnerable. You can also check links in emails or web pages for cloaking
using our Link
Checker, and you can check for URL spoofing while at a web page
using our URL
forged web page consists of a web form which requests your Credit card
number and ATM PIN, this is captured by the scammers using a PHP script
while you are directed to a forged confirmation page and then subsequently
the genuine usbank.com site (see image below).
If you have received this email, please remember that it is very
common for these email scams to be redistributed at a later date with only slightly
different content or the same but with the fake page(s) hosted by a different
provider. Also, once you have received one of these hoaxes, it is also common
place to receive at least another one and usually a day or two after the first,
although not necessarily from the same apparent sender.
The Spoof Email ...
bogus web page ...