Scam of the day – March 7, 2016 – Bank of America phishing scam

Here is another good example of a phishing email that is presently being circulated.   It makes for compelling reading, but it is a scam.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.  Here is a copy of a new phishing email that appears to come from Bank of America that is presently circulating.  This particular one came with particularly good looking graphics and a Bank of America logo, but it is a scam.  DO NOT CLICK ON THE LINK.

http://
Online Banking Alert
Unauthorized Sign-In
As part of our security measures, during our system regularly scheduled account maintenance and verification procedures, we have detected a slight error in your online banking information. Our system requires account verification for more security and protection to your account.

To confirm this verification log into Online Banking and update your information.

Once you have verified your records, your Account Services will not be interrupted and will continue as normal.
Security Checkpoint: This email includes a Security Checkpoint. The information in this sectionnlets you know this is an authentic communication from Bank of America.
Bank of America, N.A. Member FDIC. Equal Housing Lenderhttp://
© 2016 Bank of America Corporation. All rights reserved.

TIPS

An indication that this is a phishing email is that the email address from which it was sent had nothing to do with Bank of America, but most likely was from a computer that was part of a botnet of computers hacked into and controlled remotely by the scammer.  In addition, legitimate emails from your bank would include the last four digits of your account.  This email does not use the customer’s name or account number anywhere in the email.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call your bank at a telephone number that you know is accurate and you will be able to confirm that it is a scam.

Scam of the day – August 26, 2015 – Bank of America security message scam

This is another phishing scam that is making the rounds these days.  It appears to be a legitimate email from Bank of America informing you that due to upgrades being done to the Bank of America computer systems, it is necessary for you to confirm personal account information in order to maintain your account.  Of course, if you click on the link contained in the email, you will only succeed in either unwittingly downloading keystroke logging malware that will steal your personal information from your computer and use it to make you a victim of identity theft or you will be sent to another website that prompts you to provide your personal information directly, which then wil be used to make you a victim of identity theft.  Either way you lose.  Here is a copy of the email presently being circulated:

“Member:

We need you to confirm your Bank of America account due to our new upgrading. It is mandatory that you confirm your details through our secure link below.

CONNECT
Thank you for your co-operation.
Bank of America Admin
Copyright © 2015 BOA Inc.”

TIPS

There are a number of ways to know that this is a phishing scam.  First of all, if you are not an account holder at Bank of America, you can rest assured that the email is a scam.  Unfortunately, there are so many people that are account holders at Bank of America, the scammers just send out the email in large numbers hoping to reach Bank of America account holders among the random people being sent the email.  The email address from which it is sent was not that of Bank of America, but rather that of a private individual whose email account was hacked, taken over and made part of a botnet to send these emails in large numbers.  Because you can never be sure whenever you receive an email that asks you to provide personal information whether it is legitimate or not, the best thing to do is to remember my motto, “trust me, you can’t trust anyone” and confirm whether it is legitimate or not by calling the real company, in this case Bank of America to learn whether or not the email is phony or not.  Chances are, you will be told that it is a scam.

Scam of the day – May 13, 2014 – Bank of America email phishing scam

It was just last week that I provided you with the worst attempt at a phishing scam I had ever seen. In a phishing scam you are lured into clicking on a link or providing information to an identity thief who sends you an email that generally appears to be from a trusted source and tricks you into responding to a phony emergency.  Many phishing scams are not very well done, as was the case last week with a phishing letter that combined an email address that was obviously phony, poor grammar and no logo of the company purporting to be sending the email.  However, today I received an email which is copied below that may be one of the best phishing scams I have ever encountered.  The email address from which it was sent appears legitimate, it is written with proper grammar and spelling and it contains excellent counterfeit versions of the Bank of America logo.  As usual it describes a believable emergency to which I must respond and carries the tainted link for me to click on to proceed to remedy the situation.  DO NOT CLICK ON THE LINK in this copy or in a version you may receive because if you do, one of two things will happen and either is bad.  Either you will be prompted to provide personal information about your bank account which will lead to your account being emptied by the identity thief or, by clicking on the link, you will unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer and use it to make you a victim of identity theft.

TIPS

Never click on links or download attachments contained in emails or text messages because you can never be sure of whether they are legitimate or not and the risk of downloading malware is too great.  If you have any thought that the email or text message might be legitimate, you should call the real company, in this case, Bank of America at a telephone number that you know is accurate to confirm whether or not the communication was legitimate.  You should also make sure that all of your electronic devices including your computer, laptop, tablet and smartphone have current anti-virus and anti-malware software, but remember, you cannot totally rely on these security software programs because they are generally ineffective against the latest viruses and malware.

“To ensure delivery, add onlinebanking@ealerts.bankofamerica.com to your address book.
Exclusively for: |
Online Banking Alert
Your Account Security Check
Security Checkpoint:
You last signed in to Online Banking on 05/10/2014.
Remember: Always look for your SiteKey® before entering your Passcode.
To: Bank Of America Account Holders
Account: PERSONAL/BUSINESS CHECKING/SAVINGS ACCOUNT
Date: 05/11/2014
Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on your account. So we have decided to put an extra verification process to ensure your identity and your account security. Please click on Sign in to Online Banking to continue to the verification process and ensure your account security. It is all about your security. Thank you.
Security Checkpoint: This email includes a Security Checkpoint. The information in this section lets you know this is an authentic communication from Bank of America. Remember to look for your SiteKey every time you sign in to Online Banking.
Email preferences
This is a service email from Bank of America. Please note that you may receive service email in accordance with your Bank of America service agreements, whether or not you elect to receive promotional email.
Privacy and security
Keeping your financial information secure is one of our most important responsibilities. For an explanation of how we manage customer information, please visit the Bank of America website to read our Privacy Policy. You can also learn how Bank of America keeps your personal information secure and how you can help protect yourself.Bank of America Email, 8th Floor-NC1-002-08-25, 101 South Tryon St., Charlotte, NC 28255-0001Bank of America, N.A. Member FDIC. Equal Housing Lenderhttp://www.bankofamerica.com/help/equalhousing.cfm?cm_mmc=Email-Specific-_-Email-_-Footer-_-equalhousing
© 2014 Bank of America Corporation. All rights reserved.”

Scam of the day – July 4, 2013 – Customer satisfaction survey scam

This scam starts innocently enough when you receive an email asking you to fill out a customer satisfaction survey for a major company, such as Bank of America.   In return for completing the survey you are promised a valuable gift card.    After a few appropriate questions, however, the survey asks for some personal information from you such as your credit card number, or your Social Security number.  This is where the identity theft begins.  Even though the email with the survey appears to be legitimate and even carries the logo of a legitimate company, the truth is that the logo is counterfeit and the email is not from a legitimate company, but rather from an identity thief who is merely trying to lure you into providing information such as your credit card number or Social Security number in order to make you a victim of identity theft through a technique called phishing, whereby the identity theft tricks you into providing information by posing as a legitimate company.

TIPS

No legitimate survey requires personal information from you of a nature such as your credit card numbers or Social Security number that can be used to make you a victim of identity theft.  You should never provide such personal information in response to any email because you can never be sure that the email is legitimate.  If you are every asked for such information and even if it appears to be a legitimate request, you should check out the legitimacy of the email request by calling the company or governmental agency at a number that you know is accurate to confirm whether or not the request is indeed legitimate.  You can also Google the company doing the survey and add the word “scam” to your Google search to see what comes up as well.  Finally, as I have warned you many times before, you should never click on links in emails you receive until you have confirmed that they are legitimate.  Otherwise you run the risk of downloading a keystroke logging malware program that can steal all of the information from your computer and make you a victim of identity theft.