Debunking email hoaxes and exposing Internet scams since 2003!









Bank of America Software Upgrade Phishing Scam

Outline
Email, purporting to be from the Bank of America, claims that, due to a planned software upgrade, customers must confirm their banking details online by following a link in the message.



Brief Analysis
The email is not from the Bank of America. It is part of a scam designed to steal personal and financial information from BOA customers. Those who follow the link will be taken to a bogus website that asks for login details and other private information. Any information submitted on this bogus website can be collected by Internet criminals and used for fraud and identity theft.

Detailed analysis and references below example.



Last updated: 19th February 2010
First published: 19th February 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example:
Subject: Technical services of the Bank of America


Technical services of the Bank of America are carrying out a planned software upgrade.
We earnestly ask you to visit the following link to start the procedure of confirmation on customers data. To get started, please click the link below:
[LINK REMOVED]

This instruction has been sent to all bank customers and is obligatory to fallow.

Thank you,

Bank of America Customers Support Service.




Detailed Analysis
This email, which is supposedly from "technical services" at the Bank of America, claims that a software upgrade is currently being carried out that requires bank customers to confirm their account details. The message instructs recipients to click a link in order to provide the required information. It warns that it is "obligatory" for all bank customers to provide the requested information.

However, the message is not from the Bank of America. In fact, the message originates with Internet criminals intent on stealing bank account information and other personal details from Bank of America customers. Those who fall for the ruse and click the link in the message will be taken to a fake website that has been constructed to look identical to the genuine Bank of America website. Once on the fake website, the victim will be prompted to "logon" by submitting his or her banking username and password. After the login details are submitted, another page may open that requests more personal and financial information, ostensibly so that the customer's details can be updated in the new software system.

Any details submitted on the fake site, including the customer's login details, can then be retrieved by the fraudsters behind the scam. Once armed with these details, the scammers can easily log in to their victim's real bank account, steal funds and conduct other fraudulent activities at will.

The Bank of America has published information warning customers about such phishing scams on its website. Phishing scammers regularly target many banks and financial institutions with bogus emails similar to the one shown above. Be cautious of any email that claims to be from your bank and asks you to click a link and submit personal information. If you receive such an email, do not click on any links in the message. Do not reply to the message. If in doubt, always check with the bank directly. It is good policy to always log on to your bank's website by entering its web address directly into your browser rather than by clicking a link in an email.

Scammers go to great lengths to make their scam emails and websites seem legitimate. The scam emails may include legitimate bank logos, copyright information and other content stolen from the bank's genuine website. The fake websites built by these criminals may be virtually identical in appearance to the bank's real website.

Phishing scam emails can often be recognized by strange spelling and grammar and by an unreasonable sense of urgency. Links and addresses in the bogus emails are often disguised so that they appear to belong to the targeted institution. Unlike a genuine banking website, a phishing webpage will usually not be a secure (https) site.
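The disguised-link and non-https indicators described above can be checked mechanically. The following Python code is an added example, not part of the original article: it compares each link's visible text with its real destination in an HTML email body. The domain bank.example, the sample body and the function name audit_links are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    # urlsplit only finds a host when a scheme or "//" is present
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def _belongs(host, domain):
    # Exact match or true subdomain; "bank.example.evil.test" does not qualify
    return host == domain or host.endswith("." + domain)

def audit_links(html, trusted_domain):
    """Return [(href, flags)] for each link in an HTML email body."""
    parser = _Anchors()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        host, flags = _host(href), []
        if not _belongs(host, trusted_domain):
            flags.append("host-not-trusted")
        if urlsplit(href).scheme != "https":
            flags.append("not-https")
        # Visible text that itself looks like a URL but names another host
        shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
        if shown and shown.group(1).lower() != host:
            flags.append("text-host-mismatch")
        report.append((href, flags))
    return report

# Constructed sample body; bank.example stands in for the real bank's domain.
SAMPLE = """<p>To get started, please click the link below:</p>
<a href="http://bank.example.account-update.test/confirm">https://www.bank.example/confirm</a>
<a href="https://www.bank.example/help">Help centre</a>"""
```

Calling audit_links(SAMPLE, "bank.example") flags the first link on all three checks and leaves the second link clean.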


References:
Bank of America - Recognizing email and website fraud
Check Links in HTML Emails
Difference Between http & https
Phishing Scams - Anti-Phishing Information
