Cybercriminals are doing their best to imitate emails sent by Bank of America to notify customers of important account alerts in order to spread malware.
The spam email closely resembles legitimate BofA emails and is void of any obvious spelling or grammar mistakes – characteristics that typically tattle-tale on spam emails the moment they’re opened.
All but one of the links within the email point to the legitimate BofA website (just like the Delta Air Lines phishing email did), which happens to be the link that folks are most likely to click since it allegedly takes them to the alert message:
Please follow the link to download ALERT message here
However, the link points to an Italian domain that serves up a malware identified as Troj/FakeAV-EZF. Once on your machine, Troj/FakeAV-EZF will modify system files, disable IE internet security settings and open a backdoor to download additional malware or allow remote control.
How Can I Avoid Falling for This Fake Bank of America Spam Message?
One way to spot the fake Bank of America alert emails is to note how you are addressed within the email. Authentic BofA emails will address you by name, whereas the fake alerts will address you by email address.
Also, it’s generally a good idea to hover over a link and checking the actual address in the status bar before clicking on it. Of course, you could always bypass any email-related threats by visiting Bank of America’s website by typing in the URL in your browser, logging into your account and checking the ‘Alerts’ section for any new notifications.
Have you received any fraudulent Bank of America emails? Share your experience below!