I’ve received several emails that appeared to be from Bank of America but poor grammar and spelling coupled with urgency to provide personal information set off warning bells for me and with a little research, I quickly realized these were fraudulent phishing emails.  Phishing is an attempt to steal money or identity by acquiring personal information such as user names, passwords, bank account or credit card details while posing as a trustworthy entity in an electronic communication such as an email or pop-up message.  In the past, we could count on being alerted to these fraudulent emails by poor spelling or grammatical errors but as these cyber criminals have gotten more sophisticated, it has become critical to observe safe internet practices rather then to expect to easily identify a phishing email.

How to identify a phishing email or scam:

BOA Phishing

Phishing Email Appears to be from Bank of America

  • Web addresses resemble the names of well-known companies but are slightly altered.  Graphics in email appear to be connected to legitimate websites.
  • The communication will often include an urgent call to action.  Watch out for threats that an account will be closed or something bad will happen if you don’t respond to the email message.  See some examples below:
    • We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.
    • Your security has been compromised.  Click here for more information.
    • During our regular verification of accounts, we couldn’t verify your information.  Please click here to update and verify your information.
    • Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.
  • The communication will often contain grammar and spelling errors.
  • The communication will include links you need to click on to rectify a situation.
    • If you rest your mouse on the link (but do not click), you can see if the address matches the link in the message.  Mismatched links are worthy of suspicion.
    • Links that lead you to .exe files are known to spread malicious software.

How to Avoid becoming a phishing victim:

DO NOT:

  • Do Not click on links in emails or pop-up messages that ask for personal information or that take you to your financial institutions login page or to a page where you need to enter financial information, user names or passwords.
  • Do not use any contact information referred to in the communication.  This includes email addresses and telephone numbers.
  • Do not give out any personal information on unsolicited phone calls or to anyone answering the telephone of a number found on your email communication.
  • Do not cut and paste any links from the message into your Internet browser.  Links may look like they go to one place, but you can end up at a different site.
  • Do not email personal or financial information as email is not a secure method of transmitting personal information.

DO:

  • Do type in the URL or web address yourself or set up your own links to take you to your regular sites.  I set up all of my links by using AOL Favorites or Bookmarks on Google Chrome.
  • Do take the time to locate genuine contact information (email addresses and telephone numbers) from your bank statements or other legitimate source if you wish to contact the organization with questions about a communication.
  • Do look for indicators that the site is secureif you need to provide your personal or financial information through an organization’s website.  Examples:
    • A lock icon on the browser’s status bar (although these can also be forged so exercise caution)
    • URL for a website that begins “https:” (the “s” stands for “secure”)
  • Do use a firewall and anti-virus and anti-spyware software and update them all regularly.  Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
  • Do use antivirus software that updates automatically and recognizes current viruses as well as older ones.
  • Do use a firewall to block communications from unauthorized sources and to make you invisible on the internet.
  • Do review bank and credit card statements promptly and regularly to check for unauthorized charges.
  • Do check your credit reports periodically as new accounts opened by identity thieves are likely to show up on these.  Go to www.annualcreditreport.com for details on ordering a free annual credit report and to catch potential incidents early.
  • Do be careful about opening attachments or downloading files from emails regardless of who sent them to you.  These files can contain software or viruses that can compromise your computer’s security.
  • Do report phishing communication to the organization, bank or company that was impersonated in the email.  Most organizations have information on their websites for reporting problems.

What to do if you think you’ve been compromised or scammed:

  • Go to www.annualcreditreport.com to order a free annual credit report from any of the three major credit bureaus.  You may catch an incident early as new accounts opened by identity thieves are likely to show up on your credit report.
4 replies
  1. Faye F.
    Faye F. says:

    Great article. As a recent victim of phishing scam, I can testify that is very easy to fall into the trap. One wrong move on the Internet can expose you enough to the scammers to take advantage of your email account. Hacking into people’s email account is becoming a multi-million dollar business. They high jack your email account and then send out spam mail to all your contacts. some of the spam mail they send out from your account could be quite embarrassing 🙁

    Reply
  2. Lisa
    Lisa says:

    Great article hayley! Very helpful. I just received an email from “amazon.com” stating that my account had been frozen due to suspected fraudulent use and that I would need to reenter my cc information to verify my account. Ha! There were very minor grammatical errors, as you mentioned, and it seemed definitely “phishy.”. I didn’t know that these were becoming so common. Thanks for the timely info!

    Reply
  3. stacey Raskin
    stacey Raskin says:

    Great Advice, everyone tends to read through all of their e-mails so quickly, we don’t take the time to identify what is legitimate. These people are relying on the fact that we take what they are sending at “face value” and not questioning their authenticity. Thanks for separating truth from fiction!!!

    Reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *