There’s a new phishing trick that involved the user downloading a security certificate. It’s been spotted on a fake Bank of America web site. When this fake page is accessed the user is asked to create a digital certificate.
The control is downloaded to the PC using Microsoft Certificate Enrolment Code. This ads a false sense of security for users.
The next step on the web site asks users to download a file called sophialite.exe This is a malicious program.
So if you end up at a web site that looks like the Bank of America pay close attention to the address shown in your web browser, make sure it’s exactly right.
A source or reference or link to more info on this would have been nice…