Last week, a staff member caught the phish shown below:

We have detected irregular activity on your account on the date 05/01/2018.For your protection, we have temporary limited your account.

In order to regain full access to your account, you must verify this activity before you can continue using your account.

We have sent you an attachment , open it and follow the steps to verify your account.
Once completed, please allow up to 48h to update.

We are sorry for the inconvenience.

Good Day,
Bank of America

As with many phishing attempts, there are grammatical errors within the text of the email. For example, in the phish above the scammers write “We have detected irregular activity on your account.” instead of something along the lines of “We have detected irregular account activity.” Although this seems like a simple mistake, grammatical inconsistencies are a clear sign of phishing.

Second, the email claims to be from Bank of America, but you should not take this as a certainty. Many scams use trusted brands to boost their apparent legitimacy. This scam was sent from from “” instead of a legitimate Bank of America address.

This particular phish does not use a link to steal account information; instead, the malicious content is in the attachment. If you download that attachment, hackers could then implant malware that could steal sensitive information. (We’ve seen this scam at UD before.)

When you receive an unexpected attachment or receive suspicious email with an attachment, contact the supposed sender, in this case Bank of America, using a verifiable contact method. For example, find the phone number for Customer Service, and independently verify if the information presented in the email before you download anything

If you believe you’ve identified a phinancial phish, report it to Then contact the appropriate financial institution about the scam using or spoofing their brand. For example:

And as always,

Think B4 U Click!