Bank of America Phishing Scams Examples - By CyberTopCops.com

Date: 31 October 2007
Received from "Service bankofamerica" <bankofamerica@security.com>
Subject: IMPORTANT: Security Issues [Incident 040921]


[Image: Customer using a laptop for Online Banking]
Online Banking Alert
   
   

Irregular Check Card Activity


Account:  MYACCESS CHECKING
     

We detected irregular activity on your Bank of America Check Card on 6/15/2007. For your protection, you must update your account before you can continue using your card.

Please visit Online Banking at www.bankofamerica.com to review your account. If you have any questions about your account or need assistance, please call us at [DELETED] . We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account.

     

Want to confirm this email is from Bank of America? Sign in to Online Banking and select Alerts History to verify this alert.

   

Want to get more alerts? Sign in to your online banking account at Bank of America and within the Accounts Overview page select the "Alerts" tab.

   
   

Because email is not a secure form of communication, please do not reply to this email.
If you have any questions about your account or need assistance, please call the phone number on your statement or go to Contact Us at www.bankofamerica.com.

 
 

"bankofamerica@security.com" - These poor idiots don't even know the difference between a mailbox and a domain.

Scammers are always using different tactics to fool people. In this particular incident the scammers used a fake telephone number as an alternative way to obtain sensitive information from their victims. Many people trust a telephone number more than an e-mail address or a website, and unfortunately these people fall victim to these scams quite easily. Never trust any contact details unless you obtained them from an indisputable source. There is actually a very helpful tip in this e-mail (the scammers most probably forgot to remove it from the template they used to compose this e-mail, or they decided to keep it there to create a false sense of security):

"If you have any questions about your account or need assistance, please call the phone number on your statement..."

If these criminals already have your postal address, make absolutely 100% sure that your bank statements are genuine statements from Bank of America before using any information printed on these statements.


Date: 08 September 2007
Received from "Bank of America Alerts" <alert@bankofamerica.com>
Subject: Your Account Has Been Blocked - Restore Your Online Account Access Now


[Image: Customer using a laptop for Online Banking]
Online Banking Alert




Your Account Has Been Blocked



Dear Bank of America Customer,

There are a number of invalid login attempts on you account. We had to believe that, there might be some security problems on you account. So we have decided to put an extra verification process to ensure your identity and your account security.

Please click here to continue the verification process and ensure your account security.

Thank you for your cooperation.




Want to get more alerts? Sign in to Bank of America Online Banking and click the "Manage Alerts" link in the "I want to..." box.





Because email is not a secure form of communication, please do not reply to this email.
If you have any questions about your account or need assistance, please call the phone number on your statement or go to Contact Us at www.bankofamerica.com.




This is perhaps one of the more advanced phishing scams among the multitude circulating on the Internet. Although it has the same layout and appearance as the example below, it is far more professional in terms of spelling and grammar. The advice to call the number on your bank statement and to visit www.bankofamerica.com may look like an illogical and stupid thing to do from a scammer's perspective, but it is actually an arrogant decoy to convince the recipient that the e-mail really came from Bank of America. Yet again, a simple rule of thumb applies to banking phishing scams: banks will never send you an e-mail to verify anything.

The e-mail is not without flaws, though. "We had to believe that...". The scammers speak as if they had no choice but to believe. The wording is normally something along the lines of "We had no other choice but to suspend your account...". So there is one obvious boo-boo that does not sound like something that came out of the mouth of a professional organisation like Bank of America.

"So we have decided to put an extra verification process to ensure your identity and your account security." This sentence makes no sense at all. Put an extra verification process, where, what? To ensure your identity? We thought they wanted to verify your identity.

The scammer also left an interesting comment inside the HTML code, reading as follows:
"<!---------- You dont know me, but I know who you are ------->".

One thing is for certain: the victim might not know who you are, but you need to learn how to spell the word "don't" before leaving stupid comments like this in the e-mail source. You might give someone a laugh instead of a scare.


Date: 16 May 2007
Received from "Bank Of America" <alert@clubic.com>
Reply-To: "Bank Of America" <mailalert@boa.com>
Subject: Bank of America Alert protection I.A.C.


[Image: Customer using a laptop for Online Banking]
Online Banking Alert




International Access Code (I.A.C)



You are receiving this message, due to you protection, Our Online Technical Security Service Foreign IP Spy recently detected that your online account was recently logged on from am 88.59.145.131 without am International Access Code (I.A.C) and from an unregistered computer, which was not verified by the Our Online Service Department.

If you last logged in you online account on Monday May 5th 2007, by the time 6:45 pm from an Foreign Ip their is no need for you to panic, but if you did log in your account on the above Date and Time, kindly take 2-3 minute of your online banking experince to verify and register your computer now to avoid identity theft, your protection is our future medal.

Verification Link



Want to get more alerts? Sign in to your online banking account at Bank of America and within the Accounts Overview page select the "Alerts" tab.





Because email is not a secure form of communication, please do not reply to this email.
Notice: You can acess your account from a foreign IP or country by getting am (I.A.C) International Access Code, by contacting our local brances close to you.




What does "alert@clubic.com" have to do with Bank of America? And why would they use a different domain to receive replies to this message?

"...your online account was recently logged on from am 88.59.145.131 without am International Access Code (I.A.C) and from an unregistered computer, which was not verified by the Our Online Service Department."

What is an unregistered computer? Banks do not "register" their clients' computers on their online banking systems, and they do not force their clients to do online banking from one specific computer only. What would happen if someone stole it? Banks do not follow the ridiculous procedure described in this e-mail, so you can already tell that this is a scam by just reading the first couple of sentences. In fact, the "From" and "Reply-To" e-mail addresses should already tell you that you are not dealing with a legitimate e-mail here.

"If you last logged in you online account on Monday May 5th 2007, by the time 6:45 pm from an Foreign Ip their is no need for you to panic, but if you did log in your account on the above Date and Time..."

This is what happens when you don't proofread your junk. If you logged into your account at that time, don't worry, but if you did... wait a minute, you don't have to worry but you still have to do their silly verification. Which bank will send confusing junk like this to their clients?
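
The header checks made by eye in the comments above (a Bank of America name on an unrelated sender domain, and a Reply-To domain that differs from the From domain) can be automated. The following is an added example, not part of the original page; the function names and the choice of bankofamerica.com as the only legitimate sending domain are assumptions. Note that the 08 September sample passes both checks because its From address uses the bank's own domain, so header consistency alone does not prove a message is genuine.

```python
from email.utils import parseaddr

# Assumption for this example: the brand's only legitimate sending domain.
BRAND_TOKENS = ("bankofamerica", "bank of america")
BRAND_DOMAIN = "bankofamerica.com"


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def is_brand_domain(domain):
    """True for the brand domain itself or any subdomain of it."""
    return domain == BRAND_DOMAIN or domain.endswith("." + BRAND_DOMAIN)


def header_flags(from_hdr, reply_to_hdr=None):
    """Return a list of reasons the From/Reply-To headers look inconsistent."""
    flags = []
    name, addr = parseaddr(from_hdr)
    local = addr.partition("@")[0].lower()
    from_dom = domain_of(from_hdr)
    # The message "claims" the brand if the display name or mailbox names it.
    claims_brand = any(t in name.lower() or t in local for t in BRAND_TOKENS)
    if claims_brand and not is_brand_domain(from_dom):
        flags.append("brand-claimed-from-foreign-domain:" + from_dom)
    if reply_to_hdr:
        reply_dom = domain_of(reply_to_hdr)
        if reply_dom and reply_dom != from_dom:
            flags.append("reply-to-domain-differs:" + reply_dom)
    return flags


# The From / Reply-To headers of the three samples shown on this page.
SAMPLES = {
    "2007-10-31": ('"Service bankofamerica" <bankofamerica@security.com>', None),
    "2007-09-08": ('"Bank of America Alerts" <alert@bankofamerica.com>', None),
    "2007-05-16": ('"Bank Of America" <alert@clubic.com>',
                   '"Bank Of America" <mailalert@boa.com>'),
}

if __name__ == "__main__":
    for date, (frm, reply_to) in SAMPLES.items():
        print(date, header_flags(frm, reply_to) or "no header flags")
```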