Bank of America “Access Suspended” Phishing Scam Email

Outline:
Email purporting to be from the Bank of America claims that access to your online account has been suspended due to a billing error. It claims that you must click a link to access and activate your account.




Brief Analysis:
The email is not from the Bank of America. It is a phishing scam designed to steal your account login details, your credit card numbers, and other identifying personal information.

Example:
Bank of America Phishing Scam





Detailed Analysis:
According to this email, which claims to be from the Bank of America, your online access has been suspended due to a billing error. It explains that the bank will review the activity on your account with you and, after you have verified your information, the restrictions placed on your account will be removed. It asks that you click a link to access and activate your account. The message includes the Bank of America logo along with a footer containing bank location details, secondary links, and a seemingly official copyright notice.

However, the Bank of America did not send the email. Instead, the email is a phishing scam designed to steal your personal and financial information.

If you click the link in the email, you will be taken to a fraudulent website that has been built to mirror the genuine Bank of America site. Once on the bogus site, you will be asked to log in with your online ID and passcode. After “logging in” on the fake site, you will be taken to an “account information” form that asks for your credit card numbers, your email address and password, your social security numbers, and other sensitive personal information (see screenshot below).

If you supply the requested details and hit the “continue” button, a fake “account verification” process will run in your browser window for a few seconds before automatically redirecting you to the genuine Bank of America website.

Now, online criminals can collect all of the information you supplied on the fake website and use it to hijack your bank account, fraudulently use your credit card and, possibly, steal your identity. They can also take over your email account, and use it to send spam, scam, and malware messages.

Your bank will never send you an unsolicited email that demands that you click a link or open an attached file to update details, lift an account suspension, or deal with a supposed billing error. It is always safest to log in to your online accounts by entering the address into your browser’s address bar or via a trusted app.
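
On the mail-filtering side, the same rule can be checked automatically. The following is an added example, not part of the original article: it lists every link in a message whose host is not the bank's own domain or a true subdomain of it. The sample message, its host names, and the use of bankofamerica.com as the only brand domain are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domain the genuine bank uses in customer-facing links.
BRAND_DOMAINS = {"bankofamerica.com"}

# Constructed sample message; the host names in it are made up.
SAMPLE = """\
From: "Bank of America" <alerts@mailer.example>
Subject: Access Suspended
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p><a href="http://bankofamerica.com.account-verify.example/login">Click here
to access and activate your account</a></p>
<p><a href="https://www.bankofamerica.com/privacy/">Privacy &amp; Security</a></p>
</body></html>
"""

class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def is_brand_host(host, brand_domains=BRAND_DOMAINS):
    # Exact domain or true subdomain only; substring matching is not enough.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in brand_domains)

def off_brand_links(raw_email):
    """Return (link text, host) for each link that does not lead to the brand."""
    msg = message_from_string(raw_email, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = AnchorCollector()
    parser.feed(body.get_content() if body else "")
    return [(text, urlsplit(href).hostname) for text, href in parser.links
            if not is_brand_host(urlsplit(href).hostname)]
```

In the sample, the footer link to the real site passes, while the "activate your account" link is reported even though its host name begins with the bank's domain.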

The Bank of America website has information about recognising and reporting any fraudulent emails that you may receive.

Like other major banks, the Bank of America has been repeatedly targeted by phishing scammers over many years.




Bank of America Fake Website Form

Last updated: November 6, 2016
First published: November 6, 2016
By Brett M. Christensen

References
Bank of America – Report a Suspicious Email
Phishing Scams – Anti-Phishing Information
Bank Of America ‘General Account Update’ Phishing Scam