Did you just receive a suspicious email, call or a text message that was supposed to be from Bank of America? How to tell if it’s a scam and what can you do about it?
Thieves attempt to lure you into providing personal information with the help of bank phishing and email spam, fake telephone calls or even through regular mail. The goal of getting your personal information is the same, just the communication method is different.
Bank of America Scam Examples
Attempts at getting personal information from you are usually disguised in clever ways. Scammers will make you believe they are the official representatives of Bank of America. In order to obtain this information they will usually disguise their attempt as being a security confirmation.
Bank of America eMail Scam Phishing
As with all phishing emails, if you click on the links provided, your personal information will be relayed to the fraudster. They lure you in by giving the impression that there is an emergency that requires your immediate attention, or bad consequences will occur. That e-mail would appear to come from Bank of America.
Inside the email there will be a link and all efforts of the email text will be targeted to make you click on this link. If you follow the link you will be redirected to a fake website that will appear as if it is the original Bank of America website. The fake website will store your credentials in their own database if you enter them.
The link could also point you to download a keystroke logging malware that will record everything you type and attempt to steal all of your personal information that you type on the computer. It is then easy to identify when you have typed the name of a webpage in your browser and what your username and password is.
The grammar of the email body is usually quite the giveaway of a phishing attempt. Poor spelling will always indicate that. However, phishing attempts could be flawless in grammar as well, so do not rely on this indicator alone.
The supposed confirmation can only occur when the victim clicks on the link provided in the e-mail. In reality, however, by clicking on the link, the victim is redirected to another fake page where he or she is asked to log in with their online ID and passcode.
Once they have logged on, the cybercriminals already have the victim’s login details, but they want to get as much personal information as possible. Therefore, the victim has to fill in a form with their personal and financial details on the next page.
The information that a victim has to enter may include first and last name, address, city, zip code, mobile phone number, e-mail address, credit card number, card expiry date and CVV number.
The login and security page looks like the official site, and without a doubt, if the grammar was correct, the scam would have tricked many more unsuspecting users.
If you receive such an email and think it may be legitimate, simply call your bank at a phone number you know is correct and you will be able to confirm that it is a scam.
Bank of America Fake Phone Call
The telephone scheme is a kind of phishing scam as well. The number that may call you could in fact appear as if it was a real number from Bank of America. Scammers are able to spoof a phone number and make it appear as if it is coming from someone else. You can not trust any inbound call no matter what is on the caller ID.
The caller on the other end will claim he works with the bank, and that someone just attempted to use your card in a remote location. Receiving legitimate calls from banks regarding attempted fraud is usual, so you may not suspect anything fishy.
Upon confirming it was in fact not you, they will ask you to confirm your credit card number so that they can block it. Needless to say this should ring your alarm bells. A bank will not ask you to tell them your credit card information over the phone. This is a clear sign that someone just attempted to trick you into giving them your confidential information.
The moment the fraudster on the other end puts pressure on you to verify or give up information, it is easy to make a mistake or overlook a detail or clue that indicates fraud.
TIP: Always respond to an inbound caller that you need to verify them, before you proceed with the discussion. And you can such a verification with a simple callback. Instead of interacting with an inbound call, you call the bank yourself and avoid all the trouble. Call the phone number listed on their official website and no other. Then you will know what is real and what is not.
Bank of America Fake Regular Mail Letter
In an even more elaborate attempt at getting your information, scammers will make a fake credit ör debit card and send it to your address. Not long after you have received your new “card” a fake employee of BoA will call you and notify you that there has been an unauthorized use of your card and that you should destroy your old and new card immediately.
The scammer will already know your username, address, email address and your phone number. This information was obtained previously in a successful phishing attempt. However, nowadays it may not be enough to get the password and username from you. They still need your text message to confirm the login.
You are still on the phone with them and worried that someone used your card as they have just told you. In order to cancel the cards you will need to confirm the PIN number that they are about to send you.
Little do you know that the caller is actually trying to login with your username and password to your bank and the only thing they needed was the PIN number. If you gave it to them, they just received the green light to empty your bank account.
In Conclusion
Companies that do not have the right security procedures can often leave themselves and their customers vulnerable to this kind of social engineering attacks.
A small business could easily be tricked into revealing personal customer information over the phone if a clever thief has just enough information to make it look credible.
A cunning cybercriminal could then use this information to find members of that bank and use social engineering to find information such as their home address and phone numbers to fake them.
It can’t hurt to be skeptical about unsolicited email, even if it appears to come from a company you do business with regularly.
Therefore, the only click you need is the delete button. And the only call you should make is to your financial institution. Never dial the number in the email or letter, but go directly to the original website to find their phone number.