Internet security firm Webroot has reported sightings of fraudulent BofA notices that are littered with hyperlinks pointing to third-party websites serving malware.
It shouldn’t be terribly difficult to determine whether or not the email you’re looking at is a fake. Aside from having an untrustworthy sender’s address (which is usually firstname.lastname@example.org, email@example.com, or firstname.lastname@example.org), the email is littered with grammar mistakes and doesn’t have a single link pointing towards the Bank of America website.
Take a look for yourself:
Subject: Online Banking Passcode Changed
Exclusively for [EMAIL]
Bank of America
Online Banking Note
Online Banking Passcode Changed
You last signed on to Online Banking on [RANDOM DATE].
Remember: Always look for your SiteKey® before entering your Passcode.
Account: CHK ending in XXX1
Your Online Banking Passcode was requested to be reseted on [DATE].
Your security is important to us. If you are nescient of this change, please contact us immediately at this form.
Like to get more Notifications? Log in to your Online Banking at Bank of America and at the the Accounts Overview page select the Alerts tab.
Security Checkpoint: This email includes a Safety Checkpoint. The information in this section lets you know this is an authoritative communication from Bank of America. Remember to verify your SiteKey every time you sign on to Online Banking.
This is a warning email from Bank of America. Please note that you may receive service message in accordance with your Bank of America service agreements, whether or not you elect to receive promotional letters.
Contact us about this email
Please do not reply to this email with sensitive information, such as password. The security and confidentiality of your personal details is all-important to us. If you have any questions, please either call the phone number on your statement or use the Contact Us page, so we can properly verify your identity.
Privacy and Security
Bank of America Email, 7th Floor-NC8-985-65-51, 609 South Seaside Tryon, Avenue, Charlotte, TX 67551-3036
If you did make the mistake of clicking on a link, you would be directed to page on a compromised website that’s configured to exploit system vulnerabilities to plant malware on your computer.
So, hopefully you took the time to mouseover links to check the true destination URL, saw that it wasn’t a legitimate Bank of America URL, and decided not to follow them.
What to Do with Bank of America Phishing Emails
In the event that you receive a suspicious email claiming to be from BofA, it is strongly recommended that you:
- Do not click any links or respond to the email.
- Report the email to BofA by forwarding it to email@example.com.
- Delete the email immediately.