Our catch of phriday phish featured a particularly well-crafted email purporting to come from Bank of America. At first glance it looks authentic, with official Bank of America graphics and text. The scammers even included warnings about identity theft and fraud in this message. (Click on the graphic below to see the full message text.)

Body of phishing scam allegedly from Bank of America

But if you look more closely, there are two tell-tale signs that this message is a scam.

  1. No reputable bank is going to send customers email that reveals other customers’ email or contact information. Take a look at the way this message was addressed: (Click on the graphic below to see a larger image.)
    "Confidential" information sent to multiple addresses. A sure sign of a scam!

  2. Hover your mouse over one of the links. I doubt that Bank of America wants you to go to a server in Sweden (.se) to enter your personal information. Don’t follow any of the links in this message. Just delete it. (Click on the graphic below to see a larger image.)
    Hover your computer mouse to see where the link really goes.

Are you a Bank of America customer who wants to check on your account? Don’t follow any of the links in this phish; instead, log in to the Bank of America site as you ordinarily would and look for security messages.

See a message like this one? Delete it.
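
For anyone triaging reported mail, the two signs above can also be checked automatically. The following Python is an added example, not part of the original post: it runs over a constructed sample message with placeholder addresses and hosts, and it assumes `bankofamerica.com` is the domain the bank's real links use.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not the phish from the post); addresses and hosts are placeholders.
SAMPLE = """\
From: "Bank of America" <alerts@example.se>
To: alice@example.com, bob@example.org, carol@example.net
Subject: Confidential: verify your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Protect yourself from identity theft.</p>
<a href="http://login.example.se/boa/">https://www.bankofamerica.com/signin</a>
<a href="https://www.bankofamerica.com/privacy/">Privacy</a></body></html>
"""

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def exposed_recipients(raw):
    """Sign 1: every address visible in To/Cc; more than one means recipients can see each other."""
    msg = message_from_string(raw)
    return [addr for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]

def off_brand_links(raw, brand_domain):
    """Sign 2: (visible text, real host) for links that do not go to the brand's domain."""
    msg, parser = message_from_string(raw), _Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = [((urlsplit(h).hostname or "").lower(), t) for h, t in parser.links]
    return [(t, host) for host, t in hosts
            if host and host != brand_domain and not host.endswith("." + brand_domain)]
```

The second function reports what hovering reveals by hand: the text a reader sees next to the host the link actually points to.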