If you suspect an email that appears to be from Bank of America is in fact fraudulent, don’t panic. These emails, called “phishing emails,” are actually sent to hundreds and thousands of people at a time in the hopes that one or two people will fall for the scam. As long as you learn how to recognize the signs of phishing, how to report it, and how to keep your information safe, you can protect yourself from identity thieves and scammers of all types.
StepsPart 1Part 1 of 3:Recognizing a Phishing Email
1Pay attention to the email address. One of the most common techniques of email scammers is to use an email address that appears to be official. After all, if the bank is emailing you, it stands to reason it’s a legitimate inquiry. Often these email addresses aren’t actually official email addresses, and are only similar to email addresses. For example:XThe legitimate domain for Bank of America is @bankofamerica.com. If the domain in your email is @bankofamerica.us, or @ bankofamerica.net or any variation it’s probably a fake.
2Don’t fall for any urgent appeals. There are very few “urgent” circumstances arising between a bank and its customer. Even if there are urgent circumstances, email is the last method of contact the bank will use.XIf an urgent circumstance does arise, you’ll either be contacted by telephone, postal mail, or you’ll learn about it on the news.Keep an eye out for poor grammar, spelling, and punctuation. Phishing emails often originate from scammers outside of the US, so English isn’t the native language of the scammers. Their correspondence is often littered with errors and/or spelled according to British spelling conventions.
3Remember that personal information is the key to identity theft. Scammers are usually out to commit some permutation of identity theft. As such they’ll typically ask for some type of personal information in a phishing email.XIn particular, they’ll ask for Social Security numbers, credit card numbers, the PIN to your debit card or ATM card, or your Bank of America online login information.Bank of America will never ask you for any of the above in an email.Part 2Part 2 of 3:Reporting a Suspicious Email
1Don’t delete the email–yet. You’ll need to share the email with Bank of America eventually, so keep it in your mailbox until then. Meanwhile, don’t click on anything in the suspicious email.Scammers can be very clever, and if they can’t get you to give up your personal information directly, they will sometimes embed malware into links given in emails. The malware, which can be very hard to remove, can record personal information such as logins and passwords used to steal your identity.
2Forward any suspicious emails (including full headers) to [email protected]. This will go directly to their fraud-detection department. They will contact you by telephone to let you know whether or not the communication was legitimate. If the communication is fraudulent, they will work with law-enforcement to track down its source.The header of an email is the technical version of the TO, FROM, and SUBJECT lines. If you want to learn how to view the header in your email program, you can learn at https://mxtoolbox.com/Public/Content/EmailHeaders/
3Call Bank of America directly to report the fraud. Bank of America also has a telephone line where you can report suspicious activity. If you feel more comfortable initiating the complaint over the phone, call 1-800-432-1000.
4Beware of similar schemes. Less commonly, the same types of scams are run through text message and Voice Over Internet Protocol phones. The same hallmarks, including urgent appeals, poor spelling, and the solicitation of private information, all apply.You can report these types of suspected fraud exactly the same way. Email [email protected] or call 1-800-432-1000.Part 3Part 3 of 3:Protecting Your Information
1Install antivirus programs on your computer and smartphone. While we all try to avoid getting hoodwinked, no one is perfect. A good antivirus and anti-malware programs is essential.XIn addition, almost all antivirus programs have a free version. Look for a highly rated program with a good track record of success. A good source for reviews is cnet.com.
2Don’t carry sensitive information on your person. Unless you need them that day, keep items like birth certificates and Social Security cards at home and in a safe place. Sometimes all a scammer needs is a small piece of information to gather more information.X
3Keep bank statements safe. If you receive paper banking statements and account statements in the mail, be sure to keep them in a safe place. When it comes time to throw them away, shred or otherwise destroy them first.XBetter yet, switch to online banking and electronic billing. That way, a record is kept without the accompanying paper trail. In addition, it helps you familiarize yourself with your bank’s online protocols, making it less likely you’ll be fooled by a phishing email in the future.
4Keep identifying information separated. Don’t write your account number or driver’s license number on a personal check, or your PIN on your debit card. By doing so, you make it easy on scammers. If they get a hold of one of these items, they are already in possession of more than one type of important information. Even though it sacrifices convenience, keeping your identifying information separate is more secure.X