, ,

Phishing for Bank of America Fools

Phishing emailsPhishing emails are usually easy to spot but that does not mean an intelligent (or busy) individual is safe from becoming a victim of a phishing scam. (Forgive me for using “fool” in the title – it fit nicely with the “f” pronunciation of “phishing!”)

Please glance at the fraudulent email below. The logo, colors and headline make it appear to have originated from Bank of America so it wouldn’t be surprising if a busy person quickly skimmed the bold headline and then clicked on the link.

Social Engineering

This phishing email appears to be from Bank of America

Before analyzing the fraudulent email above, let’s look over a real Bank of America email:

Statement notification email

Real Bank Of America email is customized and personalized

Both emails are graphically similar but the legitimate email includes the last 4 digits of the account number and is personalized to the customer instead of being addressed to “Valued Customer.  The “From” and “Reply To” addresses look (and are) appropriate in the real email but the “From” address is suspicious with it’s double extension ending in the generic and fraudulent email.

Real Bank Of America Email

Legitimate banking emails include links too. Avoid links and type in address instead.

In addition to being personalized, hovering over each link in the real email reveals the link destination.  None of them were suspicious and all were related to BankofAmerica.com, the correct site. Now let’s look at the fraudulent email again.

Bank of America email

There are many signs that identify this as a fraudulent, phishing email

Errors in the phishing email:

  • Grammar errors in subject and headline
  • “From” address is unusual and not what we’d expect from Bank of America
  • Unprofessional wording in the body of the email
  • Hovering over the link reveals a suspicious foreign link that is not related to BankofAmerica.com
  • Email is not personalized and doesn’t include last four digits of bank account

The point of this post is simple. Avoid multi-tasking and take your time to know what you are clicking on before clicking on any link.  For more important tips to avoid becoming a phishing victim, please read How to Avoid Phishing ScamsIf you’ve been a victim of a phishing scam, please share your experience to spare others the same pain. (or to entertain us?)

Until next time,… Stay Cyber Safe.

4 replies
  1. J. K. R.
    J. K. R. says:

    Over the last day or so, a Twitter feed claiming to be a support channel for Bank of America has been sending links and messages to anybody having issues with their accounts.

    • Hayley Kaplan
      Hayley Kaplan says:

      We have to be careful with everything we do online because scams are getting more and more sophisticated. Only click links from trusted sources and know the bank would not communicate with individual clients via Twitter. Thanks for sharing JKR.

    • Hayley Kaplan
      Hayley Kaplan says:

      In this case and in many others as well, English is not the first language of the people creating the phishing email. That works in our favor because the errors give us a helpful clue that all is not what it seems.


Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *