Bank of America "Security Alert" Phishing

Watch out for emails claiming to be from Bank of America with subjects like “Bank of America Security: Strange Purchase" or “Security Alert: Verify Your Bank of America Account ...”. These are dangerous phishing scams that steal your personal information, including password, birthday, account number, social security number and more. SpamStopsHere is blocking them with multiple filter rules that were already in place before these latest variations emerged.

How to Spot This Phishing Scam

So you and your coworkers know what to look out for, here’s what these two campaigns look like:

Bank of America Phishing Scam Emails

The emails are similar and look somewhat authentic. Both use actual BofA images and links (e.g., the Privacy and Equal Housing notices). One includes a text box at the top stating that the message is from a "trusted sender". However, they still show signs of being spam that you should train your coworkers to recognize. For example:

No Customer Name
The emails begin with “Dear Customer” and “Dear Valued Customer”. Your bank knows your name and would likely use it in an email to you. However, don’t assume an email is legitimate just because it uses your name. Spear-phishing campaigns do just that.
Spelling and Grammar Mistakes
A bank's customer communications are proofread before they go out, so errors like the following (quoted exactly as they appear in the emails) are a strong sign the message is not genuine:
  • "We detected a hugh debit..."
  • "...we strongly advice you verify..."
  • "...we need to very sure it's you..."
  • "We will review the suspicious activity on your account with you and upon verification, and remove any restrictions..."
  • "...its mandatory for you to Verify Your Bank of America Account..."
  • "...if this is not done as urgent as possible..."
  • "...we are always there to keep you informed..."
Strange URLs
Some of the links (e.g., Privacy and Equal Housing) lead to legitimate BofA URLs. That's intended to make the emails seem authentic. However, the "call to action" or "click-me" links that the spammer wants you to click go to hacked websites that clearly do not belong to BofA. If you hover over the link text (don't click it!), the actual URL it would take you to appears in the status bar at the bottom of your browser or mail client window, or in a tooltip; on a phone, a long press on the link usually shows it. Keep in mind that the visible link text can itself be a legitimate-looking URL while the link actually points somewhere else, so it is the destination shown on hover that matters, not the text.
Urgent Message
Phishing is a form of social engineering, using various techniques to gain the victim's trust or otherwise get them to do what the spammer wants. One of these tricks is to create a false sense of urgency, so the victim acts without thinking. Both of these campaigns include urgent "Security Alert" subject lines and titles, as well as warnings that there has been a huge debit, suspicious activity and that failure to act quickly could result in account deactivation. Those are designed to get you to click the big button without taking precautions.
Tip: As always, if you feel the need to check on any account that you receive an email about, type the company's website name that you know and trust directly into your browser rather than following a link. Before you enter your username or password, check that the domain in the address bar is the bank's own domain. The padlock in the address bar only tells you the connection is encrypted; phishing sites can have a padlock too, so it is no proof that the site is who it claims to be.
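The "hover over the link" check can be done programmatically over an email's HTML body. The script below is an added example and is not SpamStopsHere code: it collects every anchor as (visible text, destination), flags destinations whose host is not the bank's own domain, and separately flags links whose visible text looks like a URL for a different host than the one the link actually points to. The sample email body, the bank domain used as the trust anchor, and the `compromised-site.example` hostname are all constructed for the example.

```python
"""Audit the links in an HTML email body.

Added example, not SpamStopsHere's code. It automates the "hover to see where
the link really goes" check: each <a> is reduced to (visible text, href), and a
link is reported when its host is not under the bank's domain, or when the
visible text is itself a URL whose host differs from the href's host.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: the sender's genuine domain (and its subdomains).
TRUSTED_DOMAIN = "bankofamerica.com"

# Constructed sample body modelled on the campaign described above. The link
# paths and the compromised hostname are made up for the example.
SAMPLE_EMAIL_HTML = """
<p>Dear Valued Customer,</p>
<p>We detected a hugh debit on your account. Its mandatory for you to
<a href="http://compromised-site.example/bofa/login.php"><b>Verify Your Bank of America Account</b></a>
as urgent as possible.</p>
<p><a href="https://www.bankofamerica.com/privacy/">Privacy</a> |
<a href="https://www.bankofamerica.com/equalhousing/">Equal Housing Lender</a></p>
<p>Manage alerts at
<a href="http://compromised-site.example/bofa/alerts">https://www.bankofamerica.com/alerts</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) for every anchor, including nested markup."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None


def host_of(url):
    """Lowercase hostname of a URL, or '' when it has none."""
    return (urlparse(url).hostname or "").lower()


def is_trusted_host(host):
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def looks_like_url(text):
    return text.lower().startswith(("http://", "https://", "www."))


def audit_links(html):
    """Return [(visible text, href, [reasons])] for every http(s) link worth a look."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        if urlparse(href).scheme not in ("http", "https"):
            continue  # mailto:, tel:, anchors: not the links this check is about
        host = host_of(href)
        reasons = []
        if not is_trusted_host(host):
            reasons.append(f"destination host {host!r} is not under {TRUSTED_DOMAIN}")
        if looks_like_url(text):
            shown = host_of(text if "://" in text else "http://" + text)
            if shown != host:
                reasons.append(f"visible URL shows {shown!r} but link goes to {host!r}")
        if reasons:
            findings.append((text, href, reasons))
    return findings


if __name__ == "__main__":
    for text, href, reasons in audit_links(SAMPLE_EMAIL_HTML):
        print(f"{text!r} -> {href}")
        for reason in reasons:
            print("   ", reason)
```

Run as a script, it reports the "Verify Your Bank of America Account" button and the "Manage alerts" link and leaves the two genuine BofA links alone. The host comparison is deliberately strict (exact domain or a subdomain of it); a host like `bankofamerica.com.example` or `bankofamerica-secure.example` does not pass, which is exactly the kind of lookalike the hover check is meant to catch.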

How this Phishing Scam Works

The malicious links go to a fake BofA login page that looks very realistic:

Fake Bank of America Login Page

Clicking Sign In (don't do it) takes you to fake forms designed to steal your personal information so the spammer can assume your identity, drain your account, use your credit card, etc. The form associated with the first email was particularly dangerous because of how realistic it looked and behaved, and how much information it requested. The URL is obviously not the BofA website, but the spammer is betting that many people won't notice. Here's a portion of it:

Fake Bank of America Account Information Form

Trick Ending

Note: Our professional threat analysts opened and tested these forms in a secure environment with fake data in order to provide information to you about these scams. Do not attempt to do so yourself. Some phishing pages also deliver malware to your computer.

The first email has an especially convincing trick at the end to make it seem legitimate. When you submit the form, a page appears that makes it look like the form is processing. Then it redirects you to a "session timeout" page. That last page is the real session timeout page on the BofA website, so the victim ends up on the genuine bank site and has little reason to suspect anything. By that time it's too late: the scammer has already received whatever information you submitted.

Fake Bank of America Loading Page

Bank of America Phishing Scam Real Timeout Page

How We Block These Phishing Scams

SpamStopsHere is blocking these scams with at least 9 different filter rules, including phrases and other features that appear in this spam but would never be in legitimate email. For obvious reasons, we generally don't release filter details, but we can say that we don't block on individual "trigger" words.

Instead, our threat analysts block on long complex phrases (using regular expressions) and patterns. That helps make sure we don’t block legitimate email and helps us block future variations before we even know what they look like.
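To show the difference between trigger words and phrase rules, here is an added example. It is not SpamStopsHere's filter (those rules are not published); the regular expressions below are hypothetical, built from the misspelled sentences quoted earlier, tolerant of case, whitespace and a few word insertions so that rewordings still match. The four sample messages are constructed for the example: the first two follow the two campaigns, the third is a new variation, and the fourth is an ordinary office email that happens to contain the words "verify", "security alert" and "suspicious".

```python
"""Phrase-based filter rules versus single trigger words.

Added example, not SpamStopsHere's rules. A single-word rule such as "verify"
fires on ordinary mail; a rule built from a whole distinctive phrase does not,
yet still catches variations that keep the phrase.
"""
import re

# Hypothetical phrase rules modelled on the wording quoted from the campaigns.
# Each spans several words, with \s+ for any whitespace (including line breaks)
# and optional filler so that small rewordings still match.
PHRASE_RULES = {
    "hugh_debit": re.compile(r"\bdetected\s+a\s+hugh\s+(?:debit|credit|transaction)\b", re.I),
    "strongly_advice": re.compile(r"\bstrongly\s+advice\s+(?:that\s+)?you\b", re.I),
    "very_sure": re.compile(r"\bneed\s+to\s+very\s+sure\s+(?:that\s+)?it'?s\s+you\b", re.I),
    "its_mandatory_verify": re.compile(r"\bit'?s\s+mandatory\s+(?:for\s+you\s+)?to\s+verify\b", re.I),
    "as_urgent_as_possible": re.compile(r"\bas\s+urgent\s+as\s+possible\b", re.I),
}

# The naive alternative: single words or short terms lifted from the subject lines.
TRIGGER_WORDS = re.compile(r"\b(?:verify|security\s+alert|suspicious)\b", re.I)

# Constructed sample messages.
PHISH_1 = ("Dear Customer,\n\nWe detected a hugh debit on your account. For your safety "
           "we strongly advice you verify your account details, because we need to "
           "very sure it's you.\n\nSecurity Alert Team")
PHISH_2 = ("Dear Valued Customer,\n\nIts  mandatory for you to Verify Your Bank of America "
           "Account. We will review the suspicious activity with you, but if this is not "
           "done\nas urgent as possible your account will be deactivated.")
PHISH_3 = ("Attention: we have detected a HUGH transaction on your card ending 0000 "
           "and need you to confirm it now.")           # a variation not seen before
LEGIT = ("Hi team,\n\nPlease verify your timesheets before Friday. Security Alert from "
         "Facilities: the door codes change on Monday. Report anything suspicious to IT.")


def phrase_hits(text):
    """Names of the phrase rules that match, sorted."""
    return sorted(name for name, rx in PHRASE_RULES.items() if rx.search(text))


def trigger_hits(text):
    """Distinct trigger words found, lowercased with whitespace collapsed, sorted."""
    return sorted({" ".join(m.group(0).lower().split()) for m in TRIGGER_WORDS.finditer(text)})


def classify(text):
    """Block on phrase rules only: one matching phrase rule is enough."""
    return "block" if phrase_hits(text) else "deliver"


if __name__ == "__main__":
    for label, msg in [("phish 1", PHISH_1), ("phish 2", PHISH_2),
                       ("phish 3", PHISH_3), ("legit", LEGIT)]:
        print(f"{label:8} {classify(msg):8} phrases={phrase_hits(msg)} "
              f"trigger_words={trigger_hits(msg)}")
```

The legitimate message trips all three trigger words and none of the phrase rules, while the third message, a wording the first two rules were not written against, is still caught because the phrase rule allows "transaction" in place of "debit". In practice a rule set like this would be reviewed against a corpus of known-good mail before going live, since any phrase can be matched by something innocent.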

Transform Your Work Day - Try SpamStopsHere FREE

Try SpamStopsHere FREE for 30 days and see just how amazing and inexpensive premium hosted spam filtering with zero-hour threat protection can be. 24/7/365 live support and many other features are included with every edition.

Try SpamStopsHere Today!