I got an email purporting to be from Bank of America a few days ago. It is scary to think how easily someone can be fooled by this. Let me show you how to tell this one is a fraud.
Look at the email address it is sent from – firstname.lastname@example.org. If it were legitimate it would have come from a Bank of America email address. It would be something like email@example.com. ‘bankofamerica.com’ is a domain name owned by Bank of America. It is highly unlikely anyone else would own bankofamerica.com and highly unlikely Bank of America would use something like cmaaccess.com. When deciding if an email address is legitimate first find the period (or ‘dot’ as in .com, .org, etc.). The ‘words’ to the left of the period and before the @ sign are what you need to pay attention to.
- firstname.lastname@example.org – This is OK
- email@example.com – This is probably not OK and definitely not sent by Bank of America.
Next hover your mouse over the web address you are being asked to go to. When a proper link is created it will have something that is visible and a separate component telling it where to point to. These should be the same address. Hovering you mouse over the link will show where it is actually pointing to. https://www.bankofamerica.com looks like a good address but when I hover my mouse over it I see that the actual address is something different. The screen capture I have included of my email does not show it but when I hover over the address I see a long address with numbers and a domain name of sbcglobal.net. The important thing is the address is not the one I see in the email. In fact, when I hover over it I see that the web address is not the only part of the email causing the false web link to show. What that means is that the whole body of the email is a graphic file.
Next take note of the immediate threatening nature of the email. If you don’t do what it says soon then something bad will happen. That is a standard component of fraudulent emails. What you are being asked to do is to follow the link. You would probably go to what appears to be a real Bank of America website and enter your user name and password. The website records what you type and the criminals have all they need to log on as you to your bank account and steal your money. If you use that user name and password combination on other websites then you are at risk on all of them.
This is a real email I received and I have received similar ones like it in the past. There are often other indications that something is wrong. The email may have bad spelling or bad grammar as an example. When you get emails like this use your common sense. Call the company that the email was supposed to come from and ask them. If you prefer, ask me firstname.lastname@example.org or 972-514-7727.