Thursday, November 1, 2012

Bank of America 'Passcode Reset' Spam Wants to Infect Your PC with Malware

Be sure that you exercise caution when checking out emails claiming that your Bank of America passcode has been changed.

Internet security firm Webroot has reported sightings of fraudulent BofA notices that are littered with hyperlinks pointing to third-party websites serving malware.

It shouldn’t be terribly difficult to determine whether or not the email you’re looking at is a fake. Aside from having an untrustworthy sender’s address (which is usually,, or, the email is littered with grammar mistakes and doesn't have a single link pointing towards the Bank of America website.

Take a look for yourself:

Bank of America Passcode Spam
Screenshot Credit: Webroot

Subject: Online Banking Passcode Changed

Exclusively for [EMAIL]

Bank of America
Online Banking Note

Online Banking Passcode Changed

Post Control:
You last signed on to Online Banking on [RANDOM DATE].
Remember: Always look for your SiteKey® before entering your Passcode.

Account: CHK ending in XXX1
Date: [DATE]

Your Online Banking Passcode was requested to be reseted on [DATE].

Your security is important to us. If you are nescient of this change, please contact us immediately at this form.

Like to get more Notifications? Log in to your Online Banking at Bank of America and at the the Accounts Overview page select the Alerts tab.

Security Checkpoint: This email includes a Safety Checkpoint. The information in this section lets you know this is an authoritative communication from Bank of America. Remember to verify your SiteKey every time you sign on to Online Banking.

Email Settings
This is a warning email from Bank of America. Please note that you may receive service message in accordance with your Bank of America service agreements, whether or not you elect to receive promotional letters.

Contact us about this email
Please do not reply to this email with sensitive information, such as password. The security and confidentiality of your personal details is all-important to us. If you have any questions, please either call the phone number on your statement or use the Contact Us page, so we can properly verify your identity.

Privacy and Security
Keeping your financial information secure is one of our most chief responsibilities. For an explanation of how we manage customer information, please read our Privacy Policy. You can also learn how Bank of America keeps your personal information secure and how you can help protect yourself.

Bank of America Email, 7th Floor-NC8-985-65-51, 609 South Seaside Tryon, Avenue, Charlotte, TX 67551-3036

If you did make the mistake of clicking on a link, you would be directed to page on a compromised website that’s configured to exploit system vulnerabilities to plant malware on your computer.

So, hopefully you took the time to mouseover links to check the true destination URL, saw that it wasn’t a legitimate Bank of America URL, and decided not to follow them.

What to Do with Bank of America Phishing Emails

In the event that you receive a suspicious email claiming to be from BofA, it is strongly recommended that you:

  • Do not click any links or respond to the email.

  • Report the email to BofA by forwarding it to

  • Delete the email immediately.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment