Bank of America “Activity Alert” Phishing Scam

Outline:
“Activity Alert” email purporting to be from the Bank of America claims that your account has been restricted because someone has used the account from different locations. It urges you to “renew your account information”  by opening an attached file and completing an update form.

Analysis:
The email is not from the Bank of America and the claim that your account has been restricted is untrue. Instead, the email is a phishing scam designed to steal your personal and financial information.

If you open the attached file, a fraudulent account update form will load in your web browser.  The form asks for your account login credentials along with other sensitive information including your social security number.  If you fill in and submit the form, criminals can collect the information you supplied and use it to take control of your Bank of America account, steal your money, and conduct fraudulent transactions. The criminals may also be able to use the information they have collected to steal your identity.

Keep in mind that no legitimate financial institution would ever ask customers to provide passwords or any other sensitive personal information via an unsecure form delivered as an email attachment.

The Bank of America website has information about recognising and reporting any fraudulent emails that you may receive.

The Bank of America has been repeatedly targeted by phishing scammers over a number of years.

Example:
Subject: Activity Alert

Dear Bank of America Customer,

You have received this email because you or someone had used your
Online Banking account from different locations.

This may be due to changes in your IP address or location.
Protecting the security of our customers is our primary concern.

As a precaution, we have restricted your Bank of America account.

We now need you to renew your account information.

Please open the form attached to this email and follow the
instructions.

Thank you,

Screenshot of attached file:

Bank of America Phishing Scam


Last updated: March 14, 2017
First published: March 14, 2017
By Brett M. Christensen
About Hoax-Slayer

References
Bank Of America “Access Suspended” Phishing Scam Email
Phishing Scams – Anti-Phishing Information