FAKE Bank Of America Email/Text Message Scam – Explained
Written by: Stelian Pilici
Published on:
If you receive a Bank of America email or text message that looks suspicious, it could be a phishing scam. These scams target Bank of America customers and aim to trick you into giving away your personal and financial information, such as your account details, social security number, and credit card information.
The messages may have the Bank of America logo and branding, making them seem legitimate. Scammers use urgent-sounding subject lines and warnings of account suspensions or fraudulent activity to create a sense of urgency. You may be asked to click on a link or call a phone number to address an issue with your account.
If you follow the instructions in the message, you may be directed to a fake website that looks like Bank of America’s official site. On this site, you may be asked to enter your personal and financial information, which is then captured by scammers.
This article contains:
What is the fake Bank of America email or SMS message?
Bank of America (BoA) is a leading American multinational financial institution that provides banking and financial services to customers worldwide. Unfortunately, scammers and cybercriminals are targeting BoA customers with phishing scams, which aim to steal their personal and financial information. These scammers use various means to contact BoA customers, such as email, SMS text messages, and phone calls, and use tactics such as urgency and fear to trick their potential victims into disclosing their account credentials.
One of the most common tactics used by these scammers is to send SMS text messages or emails that appear as if they were sent by the Bank of America. These messages usually ask the customer to call a particular phone number, visit a website, or respond to them with their personal or financial information. These messages may contain urgent language, such as “Time-Sensitive Message” or “Warning,” to prompt the customer to act quickly.
If a customer falls for this scam and provides their Bank of America account information, the scammers can use it to steal their money and commit fraud. They may also use the information to open new accounts in the victim’s name, apply for loans or credit cards, or sell the information on the dark web.
Here is what a typical Bank of America scam message looks like:
{BOFA SERVICE}: We noticed a suspicious attempt… on your account. if Not you, please call 1-877-223-8248, Verification code #..
Bank of America: On 12/28/2022 you added a new ACH recipient. Reply YES to confirm.
Visit: https://bankofamerica-mobile03.com/ to remove or stop this addition.
Dear Bank of America Customer, your onetime password for sending $1250 to Jennifer Hall is XXXXXX. Do not share this code with anyone. If you did not request this code press one on your phone now and to speak with customer support officer.
{BOFA SERVICE}: We noticed a suspicious attempt… on your account. if Not you, please call 1-877-223-8248, Verification code #…
From: Bank of America [mailto:vlsdqg@upgrade.com] Sent: Monday, February 20, 2017 6:40 AM To: customerservice@bankofamerica.com Subject: Time-Sensitive Message from Bank of America” “Dear customer, please visit BankOfAmericaHelp.net (Ref #81923)” “Please visit CardsBankOfAmerica.com (Customer #55863)” “Your BOA-acct is temporarily disabled by our Security Dept. Learn more: http:/ow. ly/Dnul308wk6?ID756666.” “Warning / Please visit: apps-bankofamerica .com” “Notification / You have an account notification: protect-bankofamerica .com” “customers@boa-card.net / Customer alert / Please confirm www.boa-card .net” “(Alert: Suspicious Activity) Case 160027. Please visit http://account.id1999310bankofamerica .com. “Online / Security message: bankofamericauser.com” “Account Notice) Case 1012181. Please visit http://client.bankofamerica-id14713 .com” “(Attention: Suspicious Activity) Account notice: id412753-bankofamerica.com” “Valued member, we detected unusual activity on your account. To securely update your information, follow the link: http://bankofamerica.text-id338. com” “FRM:*Important-bankofamerica^MSG* MSG:Account Access Blocked. Please read this ASAP: xloginbofaadmin .com” “(BofA)-Important Message – Due to recent updates in our system you need to verify your information. Click the link below: http://bankofamerica.sms- auth4427.com” “BOfA: Your Bank Card is restricted due to failed payments. Follow www.USA-BankOfAmerica.com and remove Account limitation in 3 Easy Steps.” “(Visit# wwv.bnkofameirca.com-jtjgw.confirm19id.net/ Now) [fgeck]We are sorry but your_Bank0fAmeirca-issues#” “wvw2.boaonline.com-hnxst. review184id.net/Now)[188] We are sorry but your: BnkofAmerica-is-locked” “(BoA) Debit Card locked. visit www.xxxxxxxxxx. BankOfAmerica-BoA.com” “(855)996-0808 (BoA) Debit Card Locked. visit www.(my cell number). BankOfAmerica-BoA.com” “(go-to: wvw.bnkofamerica.com-sect jays.confirm540.net/?nr=. We are sorry but your bnk0famerica-debit visa is locked” “(Dear , this important Message is from BankofAmerica. Debit-Visa issues)Contact us now at 5182123866 and remove the limit. “ “18559333547: (BoA) Debit Card Locked. visit www.312xxxxx20. BankOfAmerica-BoA.com” “(bank of america message: important – please call at 630-701-6543 to review your account. Client id: 55g5lpfxf3dd5an)” “([B a n k O f A m e r I c a] UrgentMessage.Please Ring: (818) 688-4222)” “Bank Of America – ACCOUNT LOCKED Member: 7735471815. Urgent CALL : (855) 277-7117 “([B A N K OF A M E R I C A] UrgentNotification Contact: 914 266 8559)” “(Office My B.O.F.A Attention needed Contact: 9142668559)” “(MYB.O.F.A Urgent Notification Contact: 914 266 8559)” “(My Master Urgent Notification Contact: 914 266 8559)” came from 5078457487@sw.rr.com “ “([bank of america]}Your Attention Is Needed.Call 323 937 7432” “71222127@ndiweb.com ([BOfA]UrgentNotification.Contact: 831-298-1164)” “Direct debit issue.to solve please call now.” “Fwd: (Please Contact Bank Of America HelpDesk @ 1(978) 290 5085)”
The Bank of America email or text message is a scam that aims to infect your device with malware to steal your personal and financial information.
If you receive the Bank of America email or text message, do not call the customer support number. Instead, report the scam to the relevant authorities and delete the email or text message. If you believe that your personal information or payment details have been compromised, you should also contact your bank or credit card provider as soon as possible.
If you receive the Bank of America email or any other suspicious email it is important to take the following steps:
Do not open any attachments or click on any links in the email. The attachment or link is likely to contain malware.
Do not provide any personal information. Scammers may ask for personal information, such as your address or credit card information, in order to steal your identity.
Verify the authenticity of the email and the sender.
Report the email as spam. This will help to prevent other people from falling victim to the scam.
If you have already opened the attachment, run a full scan on your device with Malwarebytes Anti-Malware.
If you have already provided personal information, contact your bank and credit card companies, and monitor your account for any suspicious activity.
It’s important to be cautious when receiving emails or text messages from unknown or suspicious sources and to take steps to protect yourself from potential scams.
Is the Bank of America email or text message real?
It is crucial to recognize these phishing scams and avoid falling for them. Bank of America will never ask you to provide your personal or financial information via SMS text message or email. If you receive a message that appears to be from Bank of America asking for this information, do not respond to it or click any links provided in the message. Instead, contact Bank of America directly using the number on your card or statement to verify the legitimacy of the message.
The fake Bank of America email or text message is a scam that tries to trick you into clicking on a link or opening an attachment. To make the email more credible, these scammers use fake invoice numbers, renewal dates, official logos, and promotional banners.
Here are signs that this email is a scam, even though it looks like it comes from a company you know — and even uses the company’s logo in the header:
A generic greeting is used in place of a name (eg. “customer,” “account holder,” or “dear”).
The sender’s email address is not associated with a legitimate domain name
The email invites you to click on a link to resolve an issue. Most reputable organizations will not ask users to disclose sensitive information (e.g. credit card numbers) by clicking on a link.
There is a time limit or uncharacteristic sense of urgency
Poor grammar, spelling, and sentence structure may hint that an email is not from a reputable source.
While real companies might communicate with you by email, legitimate companies won’t email or text message you with a link to login or update your account. Phishing emails can often have real consequences for people who give scammers their information, including identity theft.
What should I do now?
We recommend that you ignore the content of the Bank of America email or text message and delete it from your Inbox.
If you have already fallen for this scam and provided your Bank of America account information to a phishing website or via email, you should contact Bank of America immediately to report the incident. Bank of America has a dedicated team that can help customers who have been victims of scams or fraud, and they will work with you to secure your account and prevent any further unauthorized activity.
If you have downloaded any attachments or clicked on any links from this email, or if you suspect that your computer might be infected with malware, you can follow the below steps to scan your device for malware with Malwarebytes and remove it for free.
Check if you’re device is infected with malware
The Bank of America phishing emails may contain malware within the attachments or links that appear in the body of the email. By interacting with the malware — for example, opening or downloading an attachment that contains a malicious payload — the user may unknowingly infect their device or network, enabling attackers to gain access to protected applications and data.
To check your computer or phone for Trojans, browser hijackers, or other malware and remove them for free, you run a scan with Malwarebytes Free.
Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.
Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android
Scan your computer with Malwarebytes for Windows to remove malware
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes for Windows
You can download Malwarebytes by clicking the link below.
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Your computer should now be free of trojans, adware, browser hijackers, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Scan your computer with Malwarebytes for Mac to remove malware
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your Mac should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Scan your phone with Malwarebytes for Android to remove malware
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
Your phone should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Here are 10 basic security tips to help you avoid malware and protect your device:
Use a good antivirus and keep it up-to-date.
It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.
Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.
Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."
Install an ad blocker.
Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.
A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.
Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.
Back up your data.
Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.
Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.
Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don't use pirated software.
Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.
To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
Meet Stelian Pilici
Stelian leverages over a decade of cybersecurity expertise to lead malware analysis and removal, uncover scams, and educate people. His experience provides insightful analysis and valuable perspective.
