Beware the FAKE BofA Alert Attempted Transaction Scam Texts
Written by: Thomas Orsolya
Published on:
Imagine waking up to a text message claiming that someone tried to spend hundreds of dollars from your Bank of America account in Phoenix, Arizona. The message looks urgent and official, and it gives you a phone number to call right away. Out of fear of losing money, many people dial the number without thinking twice. What happens next can be devastating.
This is the reality of the BofA Alert Attempted Transaction scam text, one of the most widespread phishing and tech support scams currently targeting consumers. If you have received a message like this, you are not alone. Scammers have been flooding phones across the country with fake “Bank of America” alerts that trick victims into giving away personal information, installing remote access tools, or even handing over thousands of dollars.
In this article, we will break down everything you need to know about this scam: what it looks like, how it works, how to protect yourself, and what steps to take if you have already fallen victim. This comprehensive guide is designed to help you stay informed and safe.
Scam Overview: Understanding the Fake “Your BofA Alert” Texts
The BofA Alert Attempted Transaction scam is a type of phishing and tech support scam that preys on fear and urgency. Scammers impersonate Bank of America (BofA) by sending fraudulent text messages that claim there has been a suspicious or unauthorized charge on your account.
One of the most common versions of this scam reads as follows:
“Your BofA alert: Attempted transaction of $375.28 in Phoenix, AZ. If this wasn’t you, please call 877-424-2680.”
While the message appears legitimate, it has nothing to do with Bank of America. Instead, it is carefully crafted to push you into taking immediate action by calling the phone number listed. Once you do, you are directed not to a Bank of America fraud center, but to a scam call center operated by criminals.
The Fake Details
The scam often includes very specific details to make it more convincing:
Amount: The fraudulent transaction is usually listed as $375.28.
Location: The purchase is described as being attempted in Phoenix, Arizona.
Phone Numbers: Victims are urged to call numbers such as (877) 424-2680 or (844) 587-5633.
Sender IDs: Some texts appear to come from a short code like 82932, while others come from spoofed phone numbers such as (818) 479-8887.
These details are not random. They are intentionally designed to:
Create urgency – The exact amount and location make it feel like a real charge is pending.
Appear official – Short codes like 82932 are often used by real banks, so they increase credibility.
Trap victims quickly – By including a phone number, the scam prevents you from verifying the message through your actual Bank of America account.
Why It Works
Scams like this work because they exploit psychological triggers:
Fear: Nobody wants their bank account hacked.
Urgency: The text makes you feel like you must act immediately to stop the charge.
Authority: Posing as a major bank gives the scam legitimacy.
Confusion: Victims are caught off guard and act before thinking.
The Bigger Picture
The BofA Alert scam is not just a one-off text message. It is part of a larger pattern of phishing and social engineering attacks targeting customers of many major banks. By using SMS (text messaging), scammers can bypass traditional spam filters and reach victims directly on their personal phones.
In some cases, the scam escalates into a full-blown tech support scam. Once you call the number, the fraudsters may instruct you to install remote access tools like AnyDesk or TeamViewer on your device. They may also ask you to transfer money to a so-called “secure account” or buy gift cards to “verify your identity.” In reality, these actions give scammers full control over your financial life.
Real Victim Reports
Across the U.S., people have reported receiving identical scam texts. The Federal Trade Commission (FTC) and Better Business Bureau (BBB) have issued warnings about similar schemes. Victims describe scenarios where:
They called the number and were told their computer was hacked.
The scammer convinced them to download remote software.
They were instructed to log into their online banking account.
Money was stolen, or gift card codes were demanded.
These reports confirm that the “BofA Alert Attempted Transaction” scam is not just a harmless text but a dangerous scheme designed to steal identities and drain bank accounts.
How the Scam Works
To truly understand the BofA Alert Attempted Transaction scam, let’s break down how it works from start to finish. This will help you see the red flags and avoid falling into the trap.
Step 1: The Fake Alert is Sent
The scam begins with a text message sent to your phone. It claims there has been an attempted transaction from your Bank of America account, often in Phoenix, AZ, for $375.28.
The message includes a phone number for you to call if the transaction was not yours. This number does not belong to Bank of America. Instead, it connects you to the scammers.
Step 2: The Victim Calls the Number
Most people, concerned about fraud, immediately call the number provided. When they do, they are connected to a call center that pretends to be Bank of America customer service.
The scammers use scripted dialogues to sound professional. They may ask for your name, phone number, or even your debit card number to “verify your identity.”
Step 3: Scammers Introduce a Bigger Problem
After “verifying” you, the scammers claim that your account has been compromised, or that your device has been infected with malware. They may say:
“Your account is under attack by hackers.”
“Your funds are at risk of being stolen.”
“We need to secure your device immediately.”
This is the point where the scam shifts from a fake banking alert to a tech support scam.
Step 4: Remote Access Tools
The scammers then instruct you to install remote access software such as:
AnyDesk
TeamViewer
LogMeIn
Zoho Assist
They guide you step by step through the installation process. Once installed, the software gives them full access to your device.
Step 5: The “Refund” or “Secure Account” Trick
Once inside your device, scammers use various tactics to steal money:
Refund Scam: They claim they are issuing you a refund for the fraudulent charge, but “accidentally” send too much money. They then pressure you to return the difference via gift cards or wire transfer.
Secure Funds Scam: They instruct you to transfer your money into a “safe account” that actually belongs to them.
Gift Card Scam: They ask you to buy gift cards and provide the codes as part of the “verification process.”
Step 6: Data Theft
While you are distracted, scammers may also:
Access your bank accounts.
Copy personal files.
Steal saved passwords.
Install malware for future access.
Step 7: Victim Realizes Too Late
By the time the victim realizes what happened, money may already be gone. In some cases, victims have lost thousands of dollars in a single call.
This entire process can happen in less than an hour. That is why awareness is the best defense.
(Word count for this section: ~810)
What to Do if You Have Fallen Victim to the BofA Alert Scam
If you have already responded to one of these scam texts or calls, do not panic. You are not alone, and there are steps you can take to limit the damage. Follow this checklist immediately:
1. Disconnect Remote Access
If you installed software like AnyDesk or TeamViewer at the scammer’s request, disconnect your device from the internet immediately. Uninstall the software, and if possible, perform a full system restore.
2. Contact Your Bank
Call the official Bank of America customer service number, not the number in the text. Report the scam and ask them to secure your account. You may need to:
Cancel your debit/credit cards.
Change your online banking password.
Review recent transactions for unauthorized charges.
3. Change Passwords
Update passwords for your:
Bank accounts
Email accounts
Social media
Any accounts that use the same password
4. Run Security Scans
Use trusted antivirus software to scan your device for malware. Remove any threats found.
FCC (Federal Communications Commission): file a complaint at fcc.gov/complaints.
Your local police department, if significant money was stolen.
6. Freeze Your Credit
If you gave out sensitive information like your Social Security Number, freeze your credit with the three major bureaus:
Equifax
Experian
TransUnion
7. Monitor Accounts
Check your bank accounts and credit reports regularly for suspicious activity. Consider signing up for credit monitoring services.
8. Warn Others
Let friends and family know about the scam so they do not fall victim.
Is Your Device Infected? Run a Free Malware Scan
Slow performance, constant pop-ups, or strange behavior? These are classic signs of a malware infection. The fastest way to find out is to scan your device with Malwarebytes Anti-Malware Free — one of the most trusted malware removal tools available.
The free version detects and removes the most common threats, including:
Adware — the cause of those annoying pop-ups
Browser hijackers — unwanted redirects and changed homepages
Trojans and spyware — hidden programs stealing your data
Potentially unwanted programs (PUPs) — software you never asked for
👉 Select your device below — Windows, Mac, or Android — then follow the simple steps to download Malwarebytes, scan your system, and remove any threats it finds. The whole process takes about 5 minutes.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes is one of the most popular and trusted anti-malware tools for Windows — and it’s completely free for removing infections. It catches threats that many antivirus programs miss, including adware, browser hijackers, and trojans. Follow the steps below to scan and clean your PC in just a few minutes.
Download Malwarebytes
Click the button below to download the latest version of Malwarebytes for Windows from the official source. The free version is all you need — it will scan your computer and remove adware, browser hijackers, and other malicious software at no cost.
(The link opens in a new page where your download will start)
Install Malwarebytes
When the download finishes, open your Downloads folder and double-click the MBSetup file. If Windows shows a User Account Control pop-up, click “Yes” to allow the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The setup wizard will walk you through a few quick screens:
Choose where you’re installing the program — “Personal Computer” or “Work Computer” — then click Next.
Malwarebytes will now install on your device. This usually takes under a minute.
When installation is complete, the “Welcome to Malwarebytes” screen will open automatically.
On the final screen, click Open Malwarebytes to launch the program.
Enable “Scan for Rootkits”
Before scanning, turn on rootkit detection so Malwarebytes can find even the most hidden threats. Click the Settings gear icon on the left side of the screen.
In the settings menu, find “Scan for rootkits” and click the toggle so it turns blue.
Done? Click “Dashboard” in the left pane to return to the main screen.
Start the Scan
Click the blue Scan button. Malwarebytes will automatically update its virus database and start checking your computer for malware.
Wait for the Scan to Finish
The scan checks your entire system for browser hijackers and other malicious programs, so it can take several minutes. Feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found — malware, adware, and potentially unwanted programs. Click the “Quarantine” button to remove all of them at once.
Malwarebytes will now remove the malicious files and registry entries and move them safely into quarantine.
Restart Your Computer
Some threats can only be fully removed after a reboot. If Malwarebytes asks you to restart, click Yes. Once you’re logged back in, your PC is clean and you can continue with the next steps in this guide.
When the scan finishes, click Quarantine to remove everything Malwarebytes found. That’s it — your Windows PC is now clean of trojans, adware, and other malware, and should be back to running smoothly.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is a free on-demand scanner that removes the malware other security software tends to miss — adware, browser hijackers, and unwanted programs included. Cleaning an infected Mac with Malwarebytes has always been completely free, and it’s our go-to recommendation. Follow the steps below to scan and clean your Mac in just a few minutes.
Download Malwarebytes for Mac
Click the button below to download the latest version of Malwarebytes for Mac.
When the download finishes, open your Downloads folder and double-click the setup file to begin the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The Malwarebytes for Mac Installer will guide you through a few quick screens. Click “Continue” and keep following the prompts until the installation completes.
When the installation is complete, Malwarebytes opens to the Welcome to Malwarebytes screen. Click “Get started“.
Select “Personal Computer” or “Work Computer”
Malwarebytes will ask what type of computer you’re installing it on. Click either Personal Computer or Work Computer, whichever applies.
Start the Scan
Click the “Scan” button. Malwarebytes will automatically update its detection database and begin checking your Mac for malware.
Wait for the Scan to Finish
Malwarebytes will scan your Mac for adware, browser hijackers, and other malicious programs. This can take a few minutes, so feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found. Click the “Quarantine” button to remove all the threats at once.
Restart Your Mac
Malwarebytes will now remove all the malicious files it found. Some threats can only be fully removed after a reboot — if Malwarebytes asks you to restart, allow it. Once you’re logged back in, your Mac is clean.
Once the scan is done, remove every threat it detected. Your Mac is now free of adware, rogue browser extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
After the scan, tap Remove Selected to delete all detected threats. Your Android phone is now clean — no more malicious apps, adware, or browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Now that your device is clean, keep it that way. Most infections start with a malicious ad or a fake download button — so blocking them at the source is your best defense.
We recommend AdGuard, which blocks malicious ads, phishing pages, and dangerous redirects before they can reach you.
Frequently Asked Questions About the BofA Alert Attempted Transaction Scam
What is the BofA Alert Attempted Transaction Scam Text?
The BofA Alert Attempted Transaction scam text is a fraudulent SMS message designed to trick Bank of America customers into believing there was an unauthorized purchase on their account. The message typically claims there was an attempted transaction of $375.28 in Phoenix, AZ and provides a phone number to call, such as (877) 424-2680 or (844) 587-5633. These numbers do not belong to Bank of America. Instead, they connect victims to scam call centers where fraudsters attempt to steal personal information, banking details, or money.
How can I tell if a Bank of America alert text is fake?
To recognize a fake BofA alert text, look for these red flags:
Suspicious phone numbers: Scammers use numbers like (877) 424-2680 or (818) 479-8887 instead of official Bank of America lines.
Unusual sender IDs: Some texts appear to come from short codes like 82932, which are easy to spoof.
Urgent language: The text pressures you to act immediately to stop a fraudulent charge.
Unverified links or instructions: The text may ask you to call, click, or download something.
Generic tone: Real banks usually personalize messages with your name or partial account number, while scam texts often don’t.
If you are unsure, log in directly to your Bank of America online account or call the official customer service number on the back of your debit/credit card.
What happens if I call the number in the scam text?
If you call the phone number listed in the scam text, you will not reach Bank of America. Instead, you will be connected to a fraudulent tech support call center. The scammers may:
Pretend to be Bank of America fraud specialists.
Claim your account has been hacked or compromised.
Ask you to install remote access software like AnyDesk or TeamViewer.
Pressure you to transfer money to a so-called “secure account.”
Demand payment in gift cards or cryptocurrency.
By cooperating, victims may unknowingly give scammers full access to their banking accounts, personal files, and financial details.
Is the number 877-424-2680 a scam?
Yes. The number (877) 424-2680 is widely reported as part of the BofA Alert Attempted Transaction scam. It does not belong to Bank of America. Calling this number connects you to criminals posing as customer service agents.
Is the number 844-587-5633 a scam?
Yes. The phone number (844) 587-5633 has also been identified as part of this fraudulent scheme. Scammers use multiple phone numbers, so even if one is shut down, they can switch to another. Always verify numbers through the official Bank of America website.
Why do scammers use Phoenix, AZ and $375.28 in the text?
Scammers often include specific details like “Phoenix, AZ” and “$375.28” to make the alert seem real. These details are carefully chosen because:
A specific location adds credibility.
A precise dollar amount makes the message appear legitimate.
The transaction amount is high enough to trigger alarm but low enough to feel believable.
This is a psychological tactic to increase the chances of you reacting quickly without verifying the message.
What should I do if I clicked the link or called the scam number?
If you interacted with the scam in any way, take these immediate steps:
Disconnect remote access software (AnyDesk, TeamViewer, etc.) if installed.
Call Bank of America directly using the number on your debit/credit card.
Change your online banking password and any other accounts using the same credentials.
Check your account transactions for unauthorized activity.
Run a security scan on your device to remove malware.
Report the scam to Bank of America, the FTC (reportfraud.ftc.gov), and the FCC (fcc.gov/complaints).
Can scammers really steal money with just a phone call?
Yes. Scammers use social engineering to convince victims to reveal sensitive information or transfer funds themselves. Even if you never share your password directly, scammers may trick you into:
Entering login credentials on a fake website.
Transferring money to a “safe account” that actually belongs to them.
Giving them access to your computer or phone through remote tools.
Once inside your account, they can quickly drain your balance, make wire transfers, or commit identity theft.
Does Bank of America send real fraud alert texts?
Yes, Bank of America does send fraud alert texts, but there are key differences:
Legitimate alerts come from official short codes verified by Bank of America.
They will not ask you to call back on unfamiliar numbers.
They will not ask you to install software, share gift card codes, or transfer funds.
You can always verify real alerts by logging into your official Bank of America mobile app or calling the number on your card.
How can I protect myself from text message scams like this?
Here are the best ways to stay safe from the BofA text message scam and other phishing attempts:
Never call the number in the text.
Verify alerts by logging into your bank account directly.
Block and report scam numbers.
Install mobile security apps that detect SMS phishing.
Educate family members, especially seniors, who are often targeted.
Enable two-factor authentication on your bank accounts for extra security.
What should I do if I gave scammers my personal information?
If you shared sensitive information with scammers, act quickly:
Bank account details: Call Bank of America immediately and secure your account.
Password: Change it immediately on all accounts that use it.
Social Security Number: Consider a credit freeze with Equifax, Experian, and TransUnion.
Credit card details: Cancel your card and request a replacement.
The faster you act, the more damage you can prevent.
Can I get my money back after being scammed?
Recovery depends on how the money was stolen:
Unauthorized charges: Bank of America may be able to reverse fraudulent transactions if reported quickly.
Wire transfers: These are harder to reverse, but your bank can sometimes intervene.
Gift cards or cryptocurrency: Unfortunately, these payments are almost impossible to recover.
Always report the incident to Bank of America immediately.
Where can I report the BofA scam text?
If you receive a suspicious text claiming to be from Bank of America:
Forward the message to 7726 (SPAM), a free spam-reporting service.
Report to the FCC if you receive repeated scam calls.
Notify your state’s consumer protection office for local support.
The Bottom Line
The BofA Alert Attempted Transaction scam text is a dangerous scheme designed to trick you into giving away sensitive information and money. By pretending to be Bank of America, scammers exploit trust, fear, and urgency to lure victims into calling fake support centers.
Remember:
Bank of America will never ask you to call back on numbers that are not listed on their official website.
They will never ask you to install remote access software.
They will never ask you to pay using gift cards.
If you receive one of these texts, do not respond. Delete it, report it, and spread awareness. The best way to fight back is by staying informed and helping others recognize the signs.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
