Scam of the day – November 15, 2015 – Bank of America phishing email

Here is another good example of a phishing email.   It makes for compelling reading, but it is a scam.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.  Here is a copy of a new phishing email that appears to come from Bank of America that is presently circulating.  This particular one came with particularly good looking graphics and a Bank of America logo, but it is a scam.

Security Alert
BankAmerica account ending in ****
Unusual account activity detected
Dear Customer,
We detected unusual activity on your Bank of America account on 11/07/2015. For your protection, please verify this activity so you can continue making transactions without interruption.
Please sign in to Online Banking or visit Online Banking at www.bankofamerica.com to review and verify your account activity, or you can call us immediately at 1.800.383.0618in the U.S.; international customers please call collect via the international operator at757.677.4701. After verifying your credit card transactions, we’ll take the necessary steps to protect your account from fraud.
If we don’t hear from you, unfortunately certain limitations may be placed on your account.
Please disregard this notice if you have already taken the required action.

Security Icon Your last sign-in was 11/07/2015
To verify that this email is from Bank of America, confirm your last sign-in date is correct. To access Online or Mobile Banking, go directly to bankofamerica.com or use our Mobile Banking App.
Remember: We never ask for private information such as an account number, card PIN, or Social Security or Tax ID number in email messages. If you think an email is suspicious, don’t click on any links. Instead, forward it to abusee@bankofamerica.com and delete it.

This is a service email from Bank of America. Please note that you may receive service emails in accordance with your Bank of America service agreements, whether or not you elect to receive promotional email.
Read our Privacy Notice.
Please don’t reply directly to this automatically generated email message.
Bank of America Email, NC1-028-09-01, 150 N College St., Charlotte, NC 28255
Bank of America, N.A. Member FDIC. Equal Housing Lender http://www.bankofamerica.com/help/equalhousing.cfm
В© 2015 Bank of America Corporation. All rights reserved

TIPS

Some indications that this is a phishing email is that the email address from which it was sent had nothing to do with Bank of America, but most likely was from a computer that was part of a botnet of computers controlled remotely by the scammer.  In addition, legitimate emails from your bank would include the last four digits of your account rather than just **** as appears in this email.  They also would not use the generic “Dear Customer,” but would rather specifically direct the email to you by your name.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call your bank at a telephone number that you know is accurate and you will be able to confirm that it is a scam.