Bank of America Phishing Scams Examples - By CyberTopCops.com
PLEASE NOTE: Bank Of America is not responsible for these e-mail scams. Organisations and individuals pretending to be Bank Of America initiate them. All trademarks and related logos are either trademarks or registered trademarks of their respective owners, or their licensors. Cyber Top Cops is in no way affiliated with Bank Of America. The "Received From" e-mail address mentioned for each e-mail on this page is a spoofed e-mail address and is not the true origin of the scam e-mail.
Date: 31 October 2007
Received from "Service bankofamerica" <bankofamerica@security.com>
Subject: IMPORTANT: Security Issues [Incident 040921]
Remember:
Always look for your SiteKey before you enter your passcode during Sign In »
Irregular Check Card Activity
We detected irregular activity on your Bank of America Check Card on 6/15/2007. For your protection, you must update your account before you can continue using your card. Please visit Online Banking at www.bankofamerica.com to review your account. If you have any questions about your account or need assistance, please call us at [DELETED]. We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account.
Want to confirm this email is from Bank of America? Sign in to Online Banking and select Alerts History to verify this alert.
"bankofamerica@security.com" - These poor idiots don't even know the difference between a mailbox and a domain.
Scammers are always using different tactics to fool people. In this particular incident the scammers used a fake telephone number as an alternative way to obtain sensitive information from their victims. Many people trust a telephone number more than an e-mail address or a website, and unfortunately these people fall victim to these scams quite easily. Never trust any contact details unless you obtained them from an indisputable source. There is actually a very helpful tip in this e-mail (the scammers most probably forgot to remove it from the template they used to compose this e-mail, or they decided to keep it there to create a false sense of security):
"If you have any questions about your account or need assistance, please call the phone number on your statement..."
If these criminals already have your postal address, make absolutely 100% sure that your bank statements are genuine statements from Bank of America before using any information printed on these statements.
Date: 08 September 2007
Received from "Bank of America Alerts" <alert@bankofamerica.com>
Subject: Your Account Has Been Blocked - Restore Your Online Account Access Now
Remember:
Always look for your SiteKey before you enter your passcode during Sign In »
Your Account Has Been Blocked
There are a number of invalid login attempts on you account. We had to believe that, there might be some security problems on you account. So we have decided to put an extra verification process to ensure your identity and your account security. Please click here to continue the verification process and ensure your account security. Thank you for your cooperation.
This is perhaps one of the more advanced types of phishing scams among the multitude of phishing scams circulating through the Internet. Although it contains the same layout and appearance as the example below, it is far more professional in terms of spelling and grammar. The advice to call the number on your bank statement and to visit www.bankofamerica.com may look like an illogical and stupid thing to do if you look at it from a scammer's perspective, but it is actually an arrogant decoy to convince the recipient that the e-mail really came from Bank of America. Yet again, a simple rule of thumb applies when it comes to banking phishing scams: banks will never send you an e-mail to verify anything.
The e-mail is not without flaws though. "We had to believe that...". The scammers speak as if they had no choice but to believe. It is normally something along the lines of "We had no other choice but to suspend your account...". So there is one obvious boo-boo that does not sound like something that came out of the mouth of a professional organisation like Bank of America.
"So we have decided to put an extra verification process to ensure your identity and your account security." This sentence makes no sense at all. Put an extra verification process, where, what? To ensure your identity? We thought they wanted to verify your identity.
The scammer also left an interesting comment inside the HTML code, reading as follows:
"<!---------- You dont know me, but I know who you are ------->".
One thing is for certain: the victim might not know who you are, but you need to learn how to spell the phrase "don't" before leaving stupid comments like this in the e-mail source. You might give someone a laugh instead of a scare.
Date: 16 May 2007
Received from "Bank Of America" <alert@clubic.com>
Reply-To: "Bank Of America" <mailalert@boa.com>
Subject: Bank of America Alert protection I.A.C.
Remember:
Always look for your SiteKey before you enter your passcode during Sign In »
You last logged into Online Banking on: 5/7/2007
International Access Code (I.A.C)
If you last logged in you online account on Monday May 5th 2007, by the time 6:45 pm from an Foreign Ip their is no need for you to panic, but if you did log in your account on the above Date and Time, kindly take 2-3 minute of your online banking experince to verify and register your computer now to avoid identity theft, your protection is our future medal.
Verification Link
What does "alert@clubic.com" have to do with Bank of America? And why would they use a different domain to receive replies to this message?
"...your online account was recently logged on from am 88.59.145.131 without am International Access Code (I.A.C) and from an unregistered computer, which was not verified by the Our Online Service Department."
What is an unregistered computer? Banks do not "register" their clients' computers on their online banking system, and they do not force their clients to do online banking only from one specific computer. What would happen if someone stole it? Banks do not follow the ridiculous procedure described in this e-mail, so you can already tell that this is a scam by just reading the first couple of sentences. In fact, the "From" and "Reply-To" e-mail addresses should already tell you that you are not dealing with a legitimate e-mail here.
"If you last logged in you online account on Monday May 5th 2007, by the time 6:45 pm from an Foreign Ip their is no need for you to panic, but if you did log in your account on the above Date and Time..."
This is what happens when you don't proofread your junk. If you logged into your account at that time, don't worry, but if you did... wait a minute, you don't have to worry but you still have to do their silly verification. Which bank will send confusing junk like this to their clients?
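The "From" and "Reply-To" observations made about the three e-mails above can be turned into a simple automated check. The following is an added example, not part of the original page: the keyword list, the allow-listed domain and the finding names are assumptions chosen for illustration, and the header values are the ones quoted on this page.

```python
from email.utils import parseaddr

# Assumptions for this example: the brand strings to look for and the only
# domain the real bank is expected to send from.
BRAND_KEYWORDS = ("bank of america", "bankofamerica")
BRAND_DOMAINS = ("bankofamerica.com",)

# Header values copied from the three e-mails quoted on this page.
SAMPLES = [
    {"From": '"Service bankofamerica" <bankofamerica@security.com>'},
    {"From": '"Bank of America Alerts" <alert@bankofamerica.com>'},
    {"From": '"Bank Of America" <alert@clubic.com>',
     "Reply-To": '"Bank Of America" <mailalert@boa.com>'},
]


def split_address(header_value):
    """Return (display name, mailbox, domain), all lower-cased."""
    name, addr = parseaddr(header_value)
    mailbox, _, domain = addr.rpartition("@")
    return name.lower(), mailbox.lower(), domain.lower()


def is_brand_domain(domain):
    """True for an allow-listed domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)


def check_headers(headers):
    """Return a list of findings for one message's From/Reply-To headers."""
    findings = []
    name, mailbox, domain = split_address(headers["From"])
    claims_brand = any(k in name or k in mailbox for k in BRAND_KEYWORDS)
    if claims_brand and not is_brand_domain(domain):
        findings.append("brand-name-on-foreign-domain")
    if "Reply-To" in headers:
        reply_domain = split_address(headers["Reply-To"])[2]
        if reply_domain != domain:
            findings.append("reply-to-domain-differs")
    return findings


if __name__ == "__main__":
    for sample in SAMPLES:
        # The second sample yields no findings: its From address is spoofed
        # to the bank's own domain, which header text alone cannot reveal.
        print(sample["From"], "->", check_headers(sample) or "no findings")
```

The empty result for the second e-mail shows the limit of this kind of check: a spoofed address on the genuine domain looks clean, so it has to be paired with the receiving server's sender-authentication results (SPF, DKIM, DMARC) and the content clues discussed above.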