Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation










Bank Of America 'General Account Update' Phishing Scam

Outline
Email purporting to be from Bank of America claims that the recipient's account has shown unusual activity and that he or she must sign in to verify bank login details.



Brief Analysis
The email is not from Bank of America. In fact, the message is a phishing scam designed to steal bank login details and other personal information from Bank of America customers.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:






Last updated: 23rd April 2012
First published: 23rd April 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Bank of America Warning : Error Statement

General Account Update from Bank of America

Sign in now

Your Bank of America account showed unusual activities this morning.

What to do next?
Sign in now to verify your logon details.
If you feel this message has been sent to you in error.

Go to your online account and check your current balance(s) for your account(s)

We appreciate your business. It's truly our pleasure to serve you. Bank of America Message Center.
Forgot your Online ID and/or Passcode?

Bank Of America Phishing Scam




Detailed Analysis
According to this "error statement" email, which purports to be from Bank Of America and arrives complete with seemingly official Bank Of America graphics and formatting, "unusual activities" have been detected on the customer's account. The customer is instructed to follow a link in the message to sign in and verify account login details.

However, the email is not from Bank of America and the supposed account problems outlined are just a ruse designed to trick recipients into clicking one of the links in the message. In fact, all links in the email lead to a bogus website designed to emulate the real Bank of America website. Once on the bogus website, victims will be instructed to sign in by entering their banking login details. After they have "logged in" on the bogus site, they may then be asked to provide further personal and financial information, ostensibly as a means of verifying their account and resolving the errors. Login details and any other personal information provided will be collected by Internet criminals and subsequently used to hijack real Bank of America accounts and use them for fraudulent activities and identity theft.

The care and detail with which the scam email has been created makes this phishing scam attempt a little more sophisticated than some other such attacks and may fool at least a few bank customers into supplying the requested details.

Like many other institutions, Bank of America has been repeatedly targeted by cybercriminals and further such phishing attacks are likely. Be very wary of any email that purports to be from your bank and claims that you must click a link or open an attachment to supply login details and other private information. Banks and other types of financial institutions are very unlikely to ask customers to provide such information via an unsolicited email. Always log in to your bank's website by entering its web address into your browser's address bar rather than by clicking a link in an email.

Bank of America discusses online fraud of this nature on its website.

Bookmark and Share

References
Phishing Scams - Anti-Phishing Information
Bank of America Software Upgrade Phishing Scam
Fraud Prevention and Identity Theft


Last updated: 23rd April 2012
First published: 23rd April 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer