This article was co-authored by Mitch Harris. Mitch Harris is a Consumer Technology Expert based in the San Francisco Bay Area. Mitch runs his own IT Consulting company called Mitch the Geek, helping individuals and businesses with home office technology, data security, remote support, and cybersecurity compliance. Mitch earned a BS in Psychology, English, and Physics and graduated Cum Laude from Northern Arizona University.
There are 7 references cited in this article, which can be found at the bottom of the page.
This article has been viewed 196,114 times.
If you suspect an email that appears to be from Bank of America is in fact fraudulent, don't panic. These emails, called "phishing emails," are actually sent to hundreds and thousands of people at a time in the hopes that one or two people will fall for the scam. As long as you learn how to recognize the signs of phishing, how to report it, and how to keep your information safe, you can protect yourself from identity thieves and scammers of all types.
Steps
-
Pay attention to the email address. One of the most common techniques of email scammers is to use an email address that appears to be official. After all, if the bank is emailing you, it stands to reason it's a legitimate inquiry. Often these email addresses aren't actually official email addresses, and are only similar to email addresses. For example:[1]
- The legitimate domain for Bank of America is @bankofamerica.com. If the domain in your email is @bankofamerica.us, or @ bankofamerica.net or any variation it's probably a fake.
-
Don't fall for any urgent appeals. There are very few "urgent" circumstances arising between a bank and its customer. Even if there are urgent circumstances, email is the last method of contact the bank will use.[2]
- If an urgent circumstance does arise, you'll either be contacted by telephone, postal mail, or you'll learn about it on the news.
- Keep an eye out for poor grammar, spelling, and punctuation. Phishing emails often originate from scammers outside of the US, so English isn't the native language of the scammers. Their correspondence is often littered with errors and/or spelled according to British spelling conventions.
Advertisement -
Remember that personal information is the key to identity theft. Scammers are usually out to commit some permutation of identity theft. As such they'll typically ask for some type of personal information in a phishing email.[3]
- In particular, they'll ask for Social Security numbers, credit card numbers, the PIN to your debit card or ATM card, or your Bank of America online login information.
- Bank of America will never ask you for any of the above in an email.
-
Don't delete the email--yet. You'll need to share the email with Bank of America eventually, so keep it in your mailbox until then. Meanwhile, don't click on anything in the suspicious email.
- Scammers can be very clever, and if they can't get you to give up your personal information directly, they will sometimes embed malware into links given in emails. The malware, which can be very hard to remove, can record personal information such as logins and passwords used to steal your identity.
-
Forward any suspicious emails (including full headers) to abuse@bankofamerica.com. This will go directly to their fraud-detection department. They will contact you by telephone to let you know whether or not the communication was legitimate. If the communication is fraudulent, they will work with law-enforcement to track down its source.[4]
- The header of an email is the technical version of the TO, FROM, and SUBJECT lines. If you want to learn how to view the header in your email program, you can learn at https://mxtoolbox.com/Public/Content/EmailHeaders/
-
Call Bank of America directly to report the fraud. Bank of America also has a telephone line where you can report suspicious activity. If you feel more comfortable initiating the complaint over the phone, call 1-800-432-1000.[5]
-
Beware of similar schemes. Less commonly, the same types of scams are run through text message and Voice Over Internet Protocol phones. The same hallmarks, including urgent appeals, poor spelling, and the solicitation of private information, all apply.[6]
- You can report these types of suspected fraud exactly the same way. Email abuse@bankofamerica.com or call 1-800-432-1000.
-
Install antivirus programs on your computer and smartphone. While we all try to avoid getting hoodwinked, no one is perfect. A good antivirus and anti-malware programs is essential.[7]
- In addition, almost all antivirus programs have a free version. Look for a highly rated program with a good track record of success. A good source for reviews is cnet.com.
-
Don't carry sensitive information on your person. Unless you need them that day, keep items like birth certificates and Social Security cards at home and in a safe place. Sometimes all a scammer needs is a small piece of information to gather more information.[8]
-
Keep bank statements safe. If you receive paper banking statements and account statements in the mail, be sure to keep them in a safe place. When it comes time to throw them away, shred or otherwise destroy them first.[9]
- Better yet, switch to online banking and electronic billing. That way, a record is kept without the accompanying paper trail. In addition, it helps you familiarize yourself with your bank's online protocols, making it less likely you'll be fooled by a phishing email in the future.
-
Keep identifying information separated. Don't write your account number or driver's license number on a personal check, or your PIN on your debit card. By doing so, you make it easy on scammers. If they get a hold of one of these items, they are already in possession of more than one type of important information. Even though it sacrifices convenience, keeping your identifying information separate is more secure.[10]
Community Q&A
-
QuestionWhat if I did click a link in the email but didn't provide information? Should I run a scan on my computer?PreuxFoxTop AnswererYes, even if you did not enter any information, it is a good precautionary measure to run a basic scan on your computer in case the link itself put malware or spyware on your computer.
Video
Tips
References
- ↑ https://www.bankofamerica.com/security-center/bank-fraud-prevention/
- ↑ https://www.bankofamerica.com/security-center/faq/sharing-information/
- ↑ https://www.bankofamerica.com/security-center/identity-theft-protection/
- ↑ https://bettermoneyhabits.bankofamerica.com/en/privacy-security/how-to-avoid-email-scams
- ↑ https://www.bankofamerica.com/customer-service/contact-us/privacy-security/
- ↑ https://bettermoneyhabits.bankofamerica.com/en/privacy-security/how-to-avoid-email-scams
- ↑ https://bettermoneyhabits.bankofamerica.com/en/privacy-security/online-security-privacy-tips
- ↑ https://www.bankofamerica.com/privacy/faq/protecting-information-faq.go
- ↑ https://www.bankofamerica.com/security-center/identity-theft-protection/
About This Article
To report a Bank of America phishing email, start by forwarding it to abuse@bankofamerica.com and calling the bank directly to report the fraud at 1-800-432-1000. If you’re unsure whether you have a phishing email, look for signs like poor grammar and spelling, requests for personal information, or claims that your response is urgent. Additionally, a scam email will usually include a fake email address like @bankofamerica.us or @bankofamerica.net, as opposed to the legitimate domain name @bankofamerica.com. For more tips, like how to protect your personal information, read on!
Reader Success Stories
-
"Already familiar with these slick scam e-mails. Just wanted an e-mail address to forward this to. Hope forwarding helps the cause."..." more