Phishing for Bank of America Fools
Phishing emails are usually easy to spot but that does not mean an intelligent (or busy) individual is safe from becoming a victim of a phishing scam. (Forgive me for using “fool” in the title – it fit nicely with the “f” pronunciation of “phishing!”)
Please glance at the fraudulent email below. The logo, colors and headline make it appear to have originated from Bank of America so it wouldn’t be surprising if a busy person quickly skimmed the bold headline and then clicked on the link.
Before analyzing the fraudulent email above, let’s look over a real Bank of America email:
Both emails are graphically similar, but the legitimate email includes the last 4 digits of the account number and is personalized to the customer instead of being addressed to “Valued Customer.” The “From” and “Reply To” addresses look (and are) appropriate in the real email, but in the generic, fraudulent email the “From” address is suspicious, with its double extension ending.
In addition to being personalized, hovering over each link in the real email reveals the link destination. None of them were suspicious and all were related to BankofAmerica.com, the correct site. Now let’s look at the fraudulent email again.
Errors in the phishing email:
- Grammar errors in subject and headline
- “From” address is unusual and not what we’d expect from Bank of America
- Unprofessional wording in the body of the email
- Hovering over the link reveals a suspicious foreign link that is not related to BankofAmerica.com
- Email is not personalized and doesn’t include last four digits of bank account
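The checks in the list above that can be automated (the “From” domain, where each link really goes, and the generic greeting) are shown here as an added Python example that is not from the original post. The sample message, its addresses and its URLs are constructed, and the code assumes a single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "bankofamerica.com"  # the correct site named in the post

# Constructed sample (not the email from the post); addresses and URLs are invented.
SAMPLE = """\
From: Bank of America <alert@bankofamerica.com.example.net>
Subject: Your accounts has been locked
Content-Type: text/html; charset="utf-8"

<p>Dear Valued Customer,</p>
<p>Please <a href="http://login.example.org/boa/">sign in to BankofAmerica.com</a>.</p>
<p><a href="https://www.bankofamerica.com/privacy/">Privacy</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect every href, i.e. what hovering over a link would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw, domain=EXPECTED_DOMAIN):
    """Return a list of findings; an empty list means no check fired."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], domain):
        findings.append(f"From address not at {domain}: {sender}")
    body = msg.get_payload()  # a plain string for a single-part message
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:  # judge the destination, never the link text
        if not in_domain(urlsplit(href).hostname, domain):
            findings.append(f"Link leaves {domain}: {href}")
    if re.search(r"dear\s+(valued\s+)?customer", body, re.I):
        findings.append("Generic greeting instead of customer name")
    return findings
```

Calling `check_email(SAMPLE)` returns three findings. The sender domain contains the bank's name but does not end in it, which is why the comparison is made on the end of the host name rather than with a substring match.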
The point of this post is simple. Avoid multi-tasking and take your time to know what you are clicking on before clicking on any link. For more important tips to avoid becoming a phishing victim, please read How to Avoid Phishing Scams. If you’ve been a victim of a phishing scam, please share your experience to spare others the same pain. (or to entertain us?)
Until next time,… Stay Cyber Safe.
Over the last day or so, a Twitter feed claiming to be a support channel for Bank of America has been sending links and messages to anybody having issues with their accounts.
We have to be careful with everything we do online because scams are getting more and more sophisticated. Only click links from trusted sources and know the bank would not communicate with individual clients via Twitter. Thanks for sharing JKR.
Accounts “has” been locked? How they can spend so much time getting the look right and then mess up the grammar is hilarious.
In this case and in many others as well, English is not the first language of the people creating the phishing email. That works in our favor because the errors give us a helpful clue that all is not what it seems.