Subject: Bank of America Warning : Error Statement
General Account Update from Bank of America
Sign in now
Your Bank of America account showed unusual activities this morning.
What to do next?
Sign in now to verify your logon details.
If you feel this message has been sent to you in error.
Go to your online account and check your current balance(s) for your account(s)
We appreciate your business. It's truly our pleasure to serve you.
Bank of America Message Center.
Forgot your Online ID and/or Passcode?
According to this "error statement" email, which purports to be from Bank Of America and arrives complete with seemingly official Bank Of America graphics and formatting, "unusual activities" have been detected on the customer's account. The customer is instructed to follow a link in the message to sign in and verify account login details.
However, the email is not from Bank of America and the supposed account problems outlined are just a ruse designed to trick recipients into clicking one of the links in the message. In fact, all links in the email lead to a bogus website designed to emulate the real Bank of America website. Once on the bogus website, victims will be instructed to sign in by entering their banking login details. After they have "logged in" on the bogus site, they may then be asked to provide further personal and financial information, ostensibly as a means of verifying their account and resolving the errors. Login details and any other personal information provided will be collected by Internet criminals and subsequently used to hijack real Bank of America accounts and use them for fraudulent activities and identity theft.
The care and detail with which the scam email has been created makes this phishing scam attempt a little more sophisticated than some other such attacks and may fool at least a few bank customers into supplying the requested details.
Like many other institutions, Bank of America has been repeatedly targeted by cybercriminals and further such phishing attacks are likely. Be very wary of any email that purports to be from your bank and claims that you must click a link or open an attachment to supply login details and other private information. Banks and other types of financial institutions are very unlikely to ask customers to provide such information via an unsolicited email. Always log in to your bank's website by entering its web address into your browser's address bar rather than by clicking a link in an email.