« Reservation Rewards: Another Unsatisfied Customer | Main | Offered a Mortgage Bailout or 'Loan Modification'? Think Twice »

Beware Bank of America Phishing Scam

A reader recently sent us the following e-mail:

I received the attached phishing attempt in my Yahoo box today, twice. I'm passing it along in the hope you can help to combat it and alert others.

Thank you.
Sally

From: Bank Of America (services@ibankofamerica.com)
Subject: [Alert] : Update Your Account Information
To: XXXXXX@yahoo.com
Date: Wednesday, February 11, 2009, 2:03 PM

Dear Customer,

Bank Of America has been receiving complaints from our customers for unauthorised use of the Bank Of America Online accounts. As a result we are making an extra security check on all of our Customers account in order to protect their information from theft and fraud.

Due to this, you are requested to follow the provided steps and confirm your Online Banking details for the safety of your Accounts. Please Click Here To Start.

However, Failure to do so may result in temporary account suspension. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Thanks for your co-operation.
Fraud Prevention Unit
Legal Advisor
Bank Of America.

Sally's right. It's a classic phishing scheme, much like the one we wrote about last week.

The warning signs are both subtle and glaringly obvious. First off, note the use of the word "unauthorised." Would a bank as American as the Bank of America use the British variant of the word "unauthorized?" We think not.

Secondly, note the bad grammar in that sentence, which reads: "Bank Of America has been receiving complaints from our customers for unauthorised use of the Bank Of America Online accounts. The "for" should be "about," and the "the" should be "their." Other examples of bad English include the phrase "we are making an extra security check on all of our Customers account" and random acts of capitalization from start to finish.

Thirdly, the bank's official name is Bank of America, not Bank Of America, as it appears throughout this fraudulent e-mail.

Fourthly, a careful look at the e-mail address reveals that it's from something called "ibank" of America: services@ibankofamerica.com.

Fifthly, the "Please Click Here To Start" link redirects you to a site in Poland where members of "ibankofamerica" are waiting to serve themselves by stealing your personal information.

As Bank of America points out on its site, never click on any link in a suspicious e-mail.

If you get one of these e-mails, forward it to: abuse@bankofamerica.com
You should also forward it to the FTC: spam@uce.gov

Then you should delete it—with extreme prejudice.

Posted by Jorgen Wouters on April 9, 2009 11:13 AM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)