Bank Of America ‘General Account Update’ Phishing Scam

Outline:
Email purporting to be from Bank of America claims that the recipient’s account has shown unusual activity and that he or she must sign in to verify bank login details.

Note: The particular scam discussed here took place back in 2012. However, similar scam emails have continued to hit inboxes in the years since.




Brief Analysis:
The email is not from Bank of America. In fact, the message is a phishing scam designed to steal bank login details and other personal information from Bank of America customers.

Example:
Subject: Bank of America Warning : Error StatementGeneral Account Update from Bank of America
Sign in nowYour Bank of America account showed unusual activities this morning.What to do next?
Sign in now to verify your logon details.
If you feel this message has been sent to you in error.Go to your online account and check your current balance(s) for your account(s)We appreciate your business. It’s truly our pleasure to serve you. Bank of America Message Center.
Forgot your Online ID and/or Passcode?

Bank of America Phishing Scam





Detailed Analysis:
According to this “error statement” email, which purports to be from Bank Of America and arrives complete with seemingly official Bank Of America graphics and formatting, “unusual activities” have been detected on the customer’s account. The customer is instructed to follow a link in the message to sign in and verify account login details.

However, the email is not from Bank of America and the supposed account problems outlined are just a ruse designed to trick recipients into clicking one of the links in the message. In fact, all links in the email lead to a bogus website designed to emulate the real Bank of America website. Once on the bogus website, victims will be instructed to sign in by entering their banking login details. After they have “logged in” on the bogus site, they may then be asked to provide further personal and financial information, ostensibly as a means of verifying their account and resolving the errors. Login details and any other personal information provided will be collected by Internet criminals and subsequently used to hijack real Bank of America accounts and use them for fraudulent activities and identity theft.

The care and detail with which the scam email has been created makes this phishing scam attempt a little more sophisticated than some other such attacks and may fool at least a few bank customers into supplying the requested details.

Like many other institutions, Bank of America has been repeatedly targeted by cybercriminals and further such phishing attacks are likely. Be very wary of any email that purports to be from your bank and claims that you must click a link or open an attachment to supply login details and other private information. Banks and other types of financial institutions are very unlikely to ask customers to provide such information via an unsolicited email. Always log in to your bank’s website by entering its web address into your browser’s address bar rather than by clicking a link in an email.

The Bank of America website has information about recognising and reporting any fraudulent emails that you may receive.




Last updated: November 6, 2016
First published: April 23, 2012
By Brett M. Christensen
About Hoax-Slayer

References
Phishing Scams – Anti-Phishing Information
Bank of America – Report a Suspicious Email
Bank Of America “Access Suspended” Phishing Scam Email