
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Alina BÎZGĂ

July 16, 2021


Identity thieves posing as Bank of America are targeting the inboxes of customers in the US in an attempt to steal personally identifiable information (PII) and credit card data.

Two ongoing phishing campaigns masquerading as legitimate bank correspondence have drawn the attention of Bitdefender researchers in the past week.

Bitdefender Antispam researchers spotted the first phishing campaign on July 10. According to our telemetry, the fraudulent correspondence originates from IP addresses in Belize. The fraudulent email presents itself as a seemingly legitimate security alert from the financial institution. It notifies recipients that their account was suspended due to unusual activity and asks them to download an online form.

Receiving such correspondence when you do not have an account with Bank of America should be a dead giveaway of a scam. But if you do have an account, take a look at the suspicious email domain -- @bentonairpark -- and the HTML attachment, both of which should immediately sound the alarm.

Users who download and access the attachment are asked to confirm banking details and personal information, including:

  • Online ID, Full name, address and ZIP code
  • ATM, Card PIN or Passcode
  • Credit or Debit card number, expiry date and verification code (CVV)
  • Savings account number and routing number
  • Email address and phone number
  • Social Security number, date of birth, parents' names and driver license number

Here's a sample of the online form:

Fraudsters are trying to get as much information as possible to directly access customers' bank accounts and use the newly acquired identities to conduct various forms of fraud in the victim's name. If the lengthy process of filling out this form doesn’t discourage users, maybe the cramped style and poor layout will.

The second attempt at stealing users' information comes as a Bank of America gift card notification email that has reached hundreds of thousands of targets. 77% of the scam emails appear to have been sent from the Czech Republic, and 15% from the United States. Only 64% of the phishing emails were directed towards users in the US. 17% reached Ireland, 4% Denmark, and 3% Sweden. A limited number of users in the UK, Romania and Germany have also seen the scam.

This fraudulent email attempts to trick unsuspecting victims into taking an online marketing survey to win a $90 reward.

Once verified, the page asks users to provide details such as name, email address and telephone number, or more sensitive information such as credit card details to pay for processing fees or transfer charges. The scammers will then abuse any provided details.

The perps use a variety of subject lines and headers in an attempt to dodge antispam mechanisms.

Subject lines used include:

  • All-Your.Bank.Of.America.Rewards.in.One.Place
  • BONUS: $50 BANK OF AMERICA Gift Card Opportunity
  • Congratulations! You can get a $50 Bank of America gift card!
  • Leave your feedback and you could WIN!
  • Shopper, You can qualify to get a $50 Bank of America gift card
  • (ENDS.SOON) You're-.eligible.to.-receive.-exclusive.rewards

Markers in the email header indicating the sender include:

  • Bank of America Opinion Requested
  • Bank Of America Shopper Feedback
  • Bank of America Shopper Gift Card Chance
  • Bank of America Shopper Gift Opportunity
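The traits described above can be checked mechanically on the receiving side. The following Python sketch is an added example, not Bitdefender's detection logic: it strips the dot and hyphen padding from subject lines, flags messages that name the bank while coming from another domain, and flags HTML attachments. The trusted domain, the lure word list, the `mailer.example` sender and the sample messages are assumptions constructed for illustration, and the check reads only the From header, so it complements SPF/DKIM/DMARC validation rather than replacing it.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

BRAND = "bank of america"
# Assumption: legitimate mail uses the domain of the abuse@ address quoted in the article.
LEGIT_DOMAINS = {"bankofamerica.com"}
LURE = re.compile(r"\b(gift card|rewards?|feedback|win)\b")

def normalize(text):
    """Undo separator padding such as 'Bank.Of.America' or 'You're-.eligible'."""
    return re.sub(r"[\s.\-_]+", " ", text or "").strip().lower()

def score_message(raw):
    """Return the list of campaign traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = normalize(str(msg.get("Subject", "")))
    trusted = any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)
    findings = []
    # Brand named in the display name or subject, but mail comes from another domain.
    if not trusted and (BRAND in normalize(display) or BRAND in subject):
        findings.append("brand_mismatch")
    if LURE.search(subject):
        findings.append("lure_subject")
    # First campaign: the credential form arrives as an HTML attachment.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_disposition() == "attachment" and (
                part.get_content_type() == "text/html" or name.endswith((".htm", ".html"))):
            findings.append("html_attachment")
            break
    return findings

def build_sample(from_hdr, subject, html_attachment=False):
    """Build a constructed test message (not a captured phishing email)."""
    m = EmailMessage()
    m["From"], m["Subject"] = from_hdr, subject
    m.set_content("Please review.")
    if html_attachment:
        m.add_attachment("<form></form>", subtype="html", filename="form.html")
    return m.as_string()

if __name__ == "__main__":
    print(score_message(build_sample(
        "Bank of America Shopper Gift Card Chance <promo@mailer.example>",
        "All-Your.Bank.Of.America.Rewards.in.One.Place")))
```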

How can you avoid becoming a victim?

The best way you can avoid being scammed is to never respond to unsolicited emails that ask for your information unless you are absolutely sure of their origin.

Banks or financial institutions never ask customers to provide Social Security numbers, account numbers, ATM or debit card PINs, or any other sensitive information in response to an email. Knowing this information is vital when you're not sure if the email comes from a trusted source.

Moreover, even if the appeal is urgent, in most cases, banks will not use email as the initial method of contacting customers in response to a pressing matter. If you or a family member have received this email, forward it to your bank (abuse@bankofamerica[.]com), then delete it.
