Posts Tagged: ‘bank of america phishing’

Scam of the day – March 7, 2016 – Bank of America phishing scam

March 7, 2016 Posted by Steven Weisman, Esq.

Here is another good example of a phishing email that is presently being circulated.   It makes for compelling reading, but it is a scam.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.  Here is a copy of a new phishing email that appears to come from Bank of America that is presently circulating.  This particular one came with particularly good looking graphics and a Bank of America logo, but it is a scam.  DO NOT CLICK ON THE LINK.

http://
Online Banking Alert
Unauthorized Sign-In
As part of our security measures, during our system regularly scheduled account maintenance and verification procedures, we have detected a slight error in your online banking information. Our system requires account verification for more security and protection to your account.

To confirm this verification log into Online Banking and update your information.

Once you have verified your records, your Account Services will not be interrupted and will continue as normal.
Security Checkpoint: This email includes a Security Checkpoint. The information in this sectionnlets you know this is an authentic communication from Bank of America.
Bank of America, N.A. Member FDIC. Equal Housing Lenderhttp://
© 2016 Bank of America Corporation. All rights reserved.

TIPS

An indication that this is a phishing email is that the email address from which it was sent had nothing to do with Bank of America, but most likely was from a computer that was part of a botnet of computers hacked into and controlled remotely by the scammer.  In addition, legitimate emails from your bank would include the last four digits of your account.  This email does not use the customer’s name or account number anywhere in the email.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call your bank at a telephone number that you know is accurate and you will be able to confirm that it is a scam.

Scam of the day -October 18, 2015 – Phishing alert

October 18, 2015 Posted by Steven Weisman, Esq.

Phishing is the name for the scam where an identity thief lures you through a phony email that purports to be from a  legitimate source such as your bank, a company with which you do business or even the IRS or some other governmental agency to a phony website that looks like the website of that legitimate company, but actually is just a scam intended to entice you into providing personal information that can lead to your identity being stolen.  Often there will be links in these phishing emails or text messages which you are advised to click on which will take you to a legitimate looking page where you are prompted to provide your personal information.  In other instances, clicking on the link will download malware such as keystroke logging programs that, once installed on your computer, will provide the scammer with all of your personal information from your computer. This information can be used to make you a victim of identity theft or even to empty your bank accounts if you use your computer for online banking.

In almost all of the major data breaches of recent years, the malware was downloaded when unwary employees clicked on links in phishing emails.  Phishing emails are always trying to convince you to open the email and click on the link with subject lines designed to get you to open the email.  Here is a list compiled by Fraudwatch International, a leading online protection company of some of the most effective phishing emails indicating from whom they are purported to be sent and the content of the subject line.

Bank of America – Important Notice

Westpac Bank – Your Account Has Been Blocked

PayPal – Resolve remote access

Chase Bank – INFORMATION ABOUT YOUR ACCOUNT

Apple Store  – About your last Transaction

Wells Fargo Bank – Deposit Hold Alert

TIP

Never click on a link to a website unless you are totally sure that it is legitimate.  Trust me you can’t trust anyone.  Even if you receive an email from someone you trust, it may not be from them at all, but rather from someone who has hijacked their email or even if it is from them, they may have, in turn, fallen prey to a scam artist and may be passing along dangerous malware without even knowing it.  Never click on a link unless you have confirmed that it is legitimate.  Another good preventative step is to install antiphishing software on your computer to warn you before going to a website that may be tainted.  A good, free antiphishing software program can be found at http://toolbar.netcraft.com/

Scam of the day – July 4, 2013 – Customer satisfaction survey scam

July 4, 2013 Posted by Steven Weisman, Esq.

This scam starts innocently enough when you receive an email asking you to fill out a customer satisfaction survey for a major company, such as Bank of America.   In return for completing the survey you are promised a valuable gift card.    After a few appropriate questions, however, the survey asks for some personal information from you such as your credit card number, or your Social Security number.  This is where the identity theft begins.  Even though the email with the survey appears to be legitimate and even carries the logo of a legitimate company, the truth is that the logo is counterfeit and the email is not from a legitimate company, but rather from an identity thief who is merely trying to lure you into providing information such as your credit card number or Social Security number in order to make you a victim of identity theft through a technique called phishing, whereby the identity theft tricks you into providing information by posing as a legitimate company.

TIPS

No legitimate survey requires personal information from you of a nature such as your credit card numbers or Social Security number that can be used to make you a victim of identity theft.  You should never provide such personal information in response to any email because you can never be sure that the email is legitimate.  If you are every asked for such information and even if it appears to be a legitimate request, you should check out the legitimacy of the email request by calling the company or governmental agency at a number that you know is accurate to confirm whether or not the request is indeed legitimate.  You can also Google the company doing the survey and add the word “scam” to your Google search to see what comes up as well.  Finally, as I have warned you many times before, you should never click on links in emails you receive until you have confirmed that they are legitimate.  Otherwise you run the risk of downloading a keystroke logging malware program that can steal all of the information from your computer and make you a victim of identity theft.

Scam of the day – January 7, 2013 – Most dangerous websites

January 7, 2013 Posted by Steven Weisman, Esq.

Phishing is the name of the scam whereby you are lured to a phony website that appears to be legitimate, however when you click on links in these phony websites, download material from these websites or provide information to these websites, you put yourself in danger of identity theft or of downloading dangerous keystroke logging malware that can steal all of the information on your computer including credit card numbers, your Social Security number, passwords and various account information.  In addition, you may unwittingly have your computer taken over as a part of a botnet (for more information about botnets, check out other postings on scamicide.com or in “50 Ways to Protect Your Identity in a Digital Age”) whereby your computer is made part of the botnet circulating scams around the world.

TIPS

Recently Trend Micro issued a list of the most common websites that were the subjects of phony phishing websites during the past month.  The top ten websites of which you should be particularly wary of to make sure that you are dealing with the legitimate company are:  PayPal, Wells Fargo, Visa, Citibank, Bank of America, Aol, Yahoo, Hotmail, Gmail and Mastercard.  Things to look out for to avoid phishing websites are when you are directed to a website through an email that does not refer to you by name or if the email contains spelling errors or poor grammar that may indicate the email is coming from a foreign scammer (or a poorly educated American scammer).  A good rule to follow is to not click on links in emails or text messages to go to a website.  If you consider the email or message worth following up on, go to the website of the legitimate company by typing the URL that you know is correct into your browser.