I received one of those notices from Bank of America recently. Somehow it slipped through my spam filter. Interesting since I don't have a B of A account. I have yet to receive one purportedly from my own bank but I'd ignore it if I did.
The "Internal Revenue Service" sent me one just the other day. I don't even know what gets trapped by my filter that I never see. I delete them unread after glancing
Dear Valued Customer,
This email is your official notification from Ba*k of Am*rica.Your online Service has expired on 12-09-2007 ,if you want to continue using our service you have to Renew your online if not your online will be deactivated and deleted
(It goes on to say "click here". I deleted that part for this post.)
Many Thanks and Kind Regards - Bank of America Customer Department
And further down the list, was another:
The Ba*k of Am*rica Online department kindly asks you to take part in our quick and easy 5 questions survey. In return we will credit $20.00 to your account - Just for your time!
With the information collected we can decide to direct a number of changes to improve and expand our services. The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party.
It will be stored in our secure database for maximum 7 days while we process the results of this nationwide survey. We kindly ask you to spare two minutes of your time and take part in our online survey.end quote
Here's Krupo's post:
This summer saw a rash of phishing attacks on customers of TD Canada Trust.
Opportunistic crackers suckered people unfamiliar with the Internet into giving away their banking information.
The gist of the scam is like this:
1. "Someone is attacking your bank account."
2. "Please go to our website to confirm your information."
3. "Then you'll be safe."
The scam is as brilliant as it is insidious:
1. Yes, someone is trying to attack you. It's the person who just sent you that e-mail.
2. The website they're sending you to will look identical to your bank's site.
3. They'll take all the money out of your account as soon as they can or they'll extract all the information you give to commit identity theft, opening new credit cards accounts and other financial instruments in your name, ruining your credit card record.
There are at least three things anyone going online should know:
1. Your bank will never contact you by e-mail and ask you to share information or click on something.
* Never ever ever ever. If you think I'm wrong, call them and ask them prove me wrong.
* Don't use a phone number from the e-mail (should a scammer ever get that resourceful!) - print it out and take it to your local branch if you don't know where to call. I'm not sure if your branch is the best place, given the fact you have a bunch of high school kids working the wickets - though I'm probably being unfair, they could likely point out it's a scam better than some folks - but the manager or someone clever there should know!
2. The website address will often have the bank's name. And that means absolutely nothing. Using very basic computer code they can hide any link to a website with 'safe' looking words. Don't assume www.live.com will take you to Microsoft Live, because I can easily make it go to Google, Altavista, or Microsoft's search pages. I'll add another note regarding this at the end of this post.
3. Read carefully - note the spelling and grammar in the e-mail. Although it may not necessarily prove it's a scam, I'm amused and amazed by the number of typos you'll find in these scams. It's as if the scammer is taunting you - if you fall for their scam, they can laugh at the fact that you believed your bank would send such a poorly written e-mail. I've included a very fresh example at the end of this post. Enjoy the number of letters "e" in the word "speed" and this gem of a phrase: "to combat the fraud from our community."
What? "From our community"? Sadly, it's hard to tell whether it's a case of Engrish, deliberately poor writing, or the sign of a subpar command of the English language from a native speaker.
Either way, take advantage of those mistakes to protect yourself if you forget everything else I just said.
And yes, if you already know this, good for you. I wrote this as a reference material for anyone doing the smart thing, and trying to learn the Right Thing in case they're trying to answer the question, is this a phishing attack? Is this legitimate? Is someone trying to scam me?
Yes they are. This post will be useful if it helps even one person avoid getting swindled - if I got this piece of spam, others also got it.
For the record, the most recent attack looks like this:
Bank of America
Dear Bank of America client,
You have received this email because you or someone had used your account from different locations.For security purpose, we are required to open an investigation into this matter.
In order to safeguard your account, we require that you confirm your banking details.
The help speeed up to this process, please access the following link so we ca complete the verification of your Bank of America Online Banking Account registration information.
If we do no receive the appropriate account verification within 48 hours, then we will assume this Bank of America account is fraudulent and will be suspended.
The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community. We appreciate your support and understanding and thank you for your prompt attention to this matter.
Lastly, extra information concerning point 2 above - note where www.bankofamerica.com appears above. See that there's a number in front of the address? That's a dead giveaway that the link is a fake.
Every address on the internet - even www.steeplemedia.com actually represents a series of numbers. 22.214.171.124 is but one out of billions. If there's anything appearing in as an address other than the bank's true website name in your address bar, be very wary.