How to spot and report a Bank of America phishing email

What is a Bank of America phishing email?

A Bank of America phishing email is an attempt by scammers to weaponize Bank of America’s credibility — and your own concerns about your financial security — to steal your personal and financial information, like your account number, credit card numbers, or debit card PIN. The goal of these scammers is often data theft or, especially in bank-related phishing scams, directly stealing money from your bank accounts.

In the case of a scam email from Bank of America, cybercriminals pose as bank employees or Bank of America’s automated notification system. They use a variety of tactics, such as:

• Links that infect your device with malware or computer viruses.
• Fake websites that dupe the official Bank of America login page to gain access to your financial information.
• Transfers via various payment apps.
• Requests for account details and personal information to be verified via email, an online form, or a phone call.

Whether you access a Bank of America phishing email using an app on your phone or online via your laptop, interacting with scammers is always dangerous. Once cybercriminals gain access to your sensitive information, you enter dangerous territory. At best, you lose the money you transferred to them. At worst, your personally identifiable information could be used to make you the victim of identity theft.

The most common Bank of America phishing emails

Since cybercriminals often target large swaths of people at a time, you should keep an eye out for common Bank of America phishing emails. Here are a few examples of fraudulent emails that have been reported:

Account suspension

In this common imposter scam, you will receive a suspicious email claiming that your Bank of America account has been suspended due to fraudulent activity. To regain access, the scammer will ask you to provide account information, such as your account number, credit card information, and personal data, that they can then use to access your account for themselves.

Information verification

Similar to the account suspension Bank of America phishing email, this scam asks you to share additional information, such as your Social Security number, PIN, or driver’s license number, to “verify your identity,” which in turn hands over that information to identity thieves.

Bank of America gift card

This fraudulent email promises recipients a Bank of America gift card in exchange for completing a marketing survey, which requires you to divulge personal data and account information. Since Bank of America often runs special promotions for their customers, such as a cashback bonus for opening a new credit card, it may seem plausible that the bank would offer a gift card. Still, you should vet every Bank of America offer email thoroughly to avoid getting scammed.

Transfers

Phishers often leverage your fears about cybercrime to commit a cybercrime. Bank of America customers can authorize Security Center emails to receive notifications about unusual activity. In this scam, you will receive one such email confirming a large transfer, possibly through the third-party payment app. If you reply by saying you never authorized the transfer, you will find yourself the victim of a transfer scam, possibly Zelle scam. The scammer will encourage you to transfer your funds to “secure” new accounts since your original account has been “compromised.” In reality, the scammer has full control of those new accounts, and you will lose your money.

Unemployment debit cards

Phishers will contact you with the urgent news that the debit card you use to access unemployment benefits has been suspended. In order to reactivate the card, they will direct you to an online form requesting sensitive information, including your Social Security and account numbers.

How to spot a Bank of America phishing email

When you receive a suspicious email from Bank of America, phishing may be at play. Thankfully, most email scams have clear markers. Watch out for:

• Urgent appeals: Phishers often use pressure tactics to encourage you to take action without further research. For example, they may claim your account performed suspicious activity and urge you to immediately transfer the funds to another account to keep them secure.
• Mismatched email addresses: Official Bank of America emails come from an @bankofamerica.com address. Pay close attention to the sender’s email address, as sometimes they will incorporate subtle changes like @bank_of_america.com or change the sender’s name to trick you.
• Grammatical errors, typos, and strange phrasing: Bank of America’s emails are professionally written and edited. If you notice strange phrases that don’t sound right in English or a proliferation of grammatical errors, poor spelling, and incorrect capitalization, you may be interacting with a scammer.
• Requests for personal information: Legitimate banks will never ask you to share personal information online over channels such as email or online forms. If a sender wants you to give identifying details via email, it is a scam.
• Suspicious links: If a link seems strange, hover over it (without clicking) to see where it redirects to. You always want to see a security certificate (https://) at the beginning of the address. If the link is not sending you to the secure, official Bank of America website, it may be a scam.
• Special offers: Sometimes, things are too good to be true. Be cautious of emails offering cashback deals or Bank of America gift cards, as they could be phishing attempts.
• Transfer requests: Bank of America’s fraud department will never advise you to transfer money if your account is compromised.

If you see any of these signs, contact Bank of America directly through its official customer service channels. Customer service can confirm the legitimacy of any account activity or special promotions. If you discover fraud, learn how to report phishing emails.

What to do if you click on a link in a phishing email

Even when you’re staying alert, it’s still possible to click on a phishing link. This moment is critical, so follow these steps carefully:

1. Submit a Bank of America phishing email report by forwarding the email to abuse@bankofamerica.com. Then, call Bank of America’s fraud department to describe what happened and get their advice on the next steps.
2. Report the email as spam.
3. Delete the email immediately.
4. Change your Bank of America account password and enable two-factor authentication (2FA) to prevent scammers from accessing your accounts.
5. If you reuse your banking password for any other accounts, change the passwords for each account as well — make sure to use unique, hard-to-guess passwords. For more information, check out these tips for creating a strong password.
6. Scan your devices for malware that may have been downloaded from the phishing link. If you discover any, quarantine and remove it.
7. Monitor your accounts carefully. Check your credit card, debit card, and bank account regularly so that you can report fraud as soon as it happens.
8. If you have lost access to online banking, follow Bank of America’s instructions to recover your ID or password.
9. Use the Dark Web Monitor feature to see if your data is being sold on the dark web.
10. If you suspect identity theft, you may need to take further action, such as filing an identity theft report with the Federal Trade Commission.

How to report a Bank of America phishing email

Unsure how to report a Bank of America phishing email? If you did not interact with the scam, you just need to follow these simple steps:

1. Forward the email to Bank of America’s fraud department at abuse@bankofamerica.com.
2. Mark the email as junk mail and delete it.
3. You can also report Bank of America phishing emails to the Federal Trade Commission at ReportFraud.ftc.gov.

How to protect your Bank of America account

Cultivating strong internet safety practices can protect your account from Bank of America phishing emails and other scams.

• Be wary of links. If you have any suspicions about a link, do not click it.
• Verify information directly with Bank of America. Contact Bank of America through their official channels to verify promotions or bank account activity instead of interacting with suspicious emails.
• Never share passwords or authentication codes. Bank of America representatives will never ask for your password or account authorization code.
• Log in to your bank account. If you receive a fraud email alert, sign in to your account through the Bank of America’s mobile banking app or website (not the email link). Your online banking homepage will show all activity, notifications, and transfers, allowing you to confirm or debunk the information in the email.
• Never provide sensitive information online. Do not share personal data via an online form or email.
• Choose strong passwords. Create unique, strong passwords with at least 10 characters using uppercase and lowercase letters, numbers, and symbols so that one data breach doesn’t compromise multiple accounts. Change passwords regularly.
• Enable multi-factor authentication (MFA). MFA adds extra layers of security to your accounts by requiring multiple forms of identification for access. That way, if a scammer gains one piece of personal information, such as your password or birthday, they will still be blocked from your account.
• Use a VPN. NordVPN’s anti-phishing feature leverages purpose-built AI models to identify phishing threats and block malicious websites.

Don’t let phishing emails impersonating Bank of America send you into a panic. If you stay calm and follow these simple steps, you can keep your account safe and protect your identity.