A new phishing email (via Trend Micro)that recently emerged claimed that the user’s Bank of America account was accessed by an international IP from an unregistered computer and that their “Foreign IP Spy” detected that breach.

It is asking the user to verify and register his current computer by logging in to the Bank of America website. That link leads to a new window which opens a phishing website that is using a fake address bar. Most users who clicked on that link will surely enter their login information.

This approach is basically appealing to the user to secure his account. That’s tricky and many users will probably fall for this because they believe that thiefs would not ask them to secure their accounts. What they obviously miss is the fact that the added security feature is fake and not existing.

Websites with that fake address bar can be easily identified by right-clicking on that website and selecting properties from the context menu if Internet Explorer is the browser of choice. Firefox users click on Page Info in that right-click menu while Opera users press Alt + Enter or right-click and selected Edit Site Preferences.

The best protection against phishing is to not open any links in emails. Always open the website directly in the browser. If you are insecure call the company and ask if they have send that email to you.