A family member of mine got a very legitimate looking email from BofA asking for him to login and update some information in his account for security. The grammar, appearance, etc was very well done. The url was masked and appeared legit.
The source code reveals that the link takes you to this address:
http://www.keotuva.com/logs/Account-Update/BankofAmerica.Com/bankofamerica.signon
Here is the Domain registration information (/whois):
WHOIS information for keotuva.com :
[Querying whois.internic.net]
[Redirected to whois.PublicDomainRegistry.com]
[Querying whois.PublicDomainRegistry.com]
[whois.PublicDomainRegistry.com]
Registration Service Provided By: CONG TY TNHH PHAN MEM NHAN HOA
Contact: +84.903073667
Website: http://nhanhoa.com
Domain Name: KEOTUVA.COM
Registrant:
Nguyen Tien Bao
Nguyen Tien Bao (itsoftvnonline@yahoo.com.vn)
229/14 Trinh Dinh Trong Q Tan Phu TpHCM
HCM
Ho Chi Minh,84
VN
Tel. +84.0978018381
Creation Date: 04-Jun-2008
Expiration Date: 04-Jun-2009
Domain servers in listed order:
ns2.everydns.net
ns1.everydns.net
Administrative Contact:
Nguyen Tien Bao
Nguyen Tien Bao (itsoftvnonline@yahoo.com.vn)
229/14 Trinh Dinh Trong Q Tan Phu TpHCM
HCM
Ho Chi Minh,84
VN
Tel. +84.0978018381
Technical Contact:
Nguyen Tien Bao
Nguyen Tien Bao (itsoftvnonline@yahoo.com.vn)
229/14 Trinh Dinh Trong Q Tan Phu TpHCM
HCM
Ho Chi Minh,84
VN
Tel. +84.0978018381
Billing Contact:
Nguyen Tien Bao
Nguyen Tien Bao (itsoftvnonline@yahoo.com.vn)
229/14 Trinh Dinh Trong Q Tan Phu TpHCM
HCM
Ho Chi Minh,84
VN
Tel. +84.0978018381
Status:LOCKED
Note: This Domain Name is currently Locked. In this status the domain
name cannot be transferred, hijacked, or modified. The Owner of this
domain name can easily change this status from their control panel.
This feature is provided as a security measure against fraudulent domain name hijacking.