A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month. The campaign involves emails that ask recipients to update their email addresses, warning users that their accounts could be recycled if this isn t done. The attack flow also included a page that asked readers for their security challenge questions , both to increase legitimacy as well as get further identifying information from targets. The emails are able in some cases to get past existing email security controls because they don’t follow the patterns of more traditional phishing attacks.
Source: https://threatpost.com/bofa-phish-gets-around-dmarc-other-email-protections/156688/