Sophos security researchers are warning of a new phishing attack that asks Bank of America customers to update their personal information, including name, address, date of birth, social security number, credit card details and ATM pin.

"Unlike traditional phishing emails which advertise a link to a spoofed page, or at least have an attached HTML document, this attack opted for an attachment called BillingVerification.exe," writes Softpedia's Lucian Constantin.


"[The] executable is a self-extracting archive that drops a file under C:bankofamericaverificationBillingVerification.html and opens it with the default browser," Constantin writes. "The local HTML displays a fake Bank of America account verification page which contains a form for inputting personal information, as well as account and online banking details."

Click here to read the Softpedia article.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.