Look at this Bank of America email here. Is it a phish?
No, it’s real. I got this sample from phishing guru Lance James over at Secure Science, and he sums it up quite well:
Ok, BofA, shame on you, this looks like phishy spam to me. Note the link you included:
Guess where it lands:
How is that supposed to help consumers understand legitimate links and not? This bulk mail can easily be replayed with phishing links.
Banc of America and Bank of America — I'm sure it’s legit, but do your customers know that? And are we sure we know who eHealthInsurance is? How do we know they’re not a spam site, or a malicious site?
And just because your domain is in the email doesn't make it safe (we've proven that already!)
And just to add insult to injury, there is a link in the email that allows you to add other people to the mass-mailing list.
When will they learn?