How To Spot a Bank of America Phishing Email

Do You Know How To Spot a Bank of America Scam Email?

For some students at Brown University, studying for finals was their number one priority. But their focus shifted after receiving emails claiming there was unusual activity on their Bank of America (BofA) credit cards and that they should call a number to talk to a “Fraud Specialist.”

The emails looked legitimate — so the students who called were more than willing to “verify” their account information over the phone. But the whole thing was a scam, with fraudsters draining the students’ bank accounts after hanging up [*].

While the amount lost to this Bank of America phishing email scam isn’t public, we do know that email scams are incredibly dangerous. According to the Federal Trade Commission (FTC) [*]:

In 2022, Americans lost over $420 million to email scams — with fraudsters regularly impersonating banks and financial institutions. 

In this guide, we’ll explain how Bank of America phishing emails work, how to spot the warning signs of a scam, and what you can do to protect your account — even if you’ve clicked on a link or opened a scam email.

{{show-toc}}

What Is a Bank of America Phishing Email?

Bank of America phishing emails are a type of impersonation scam in which fraudsters send emails claiming to be from the bank in an attempt to extract sensitive personal or financial information from victims.

Like other types of phishing emails (or fake text message scams), these emails work because they look nearly identical to real Bank of America security alerts or offers. If you’re a Bank of America customer, it only makes sense that you’d feel pressure to respond, click on links, or dispute fraudulent activity on your account. 

But opening or replying to a spam email can have devastating consequences, such as:

• You could give hackers your online banking username and password. Many phishing emails include links to fake websites that spoof the legitimate Bank of America login page. If you enter your credentials, they go directly to the scammers who can drain your entire account. 
• You could accidentally infect your device with malware. Hackers sometimes hide malware and other viruses in the links of Bank of America phishing emails. Even clicking on “unsubscribe” could give malicious hackers access to your data or remote control of your computer. 
• Scammers could trick you into sending them money. Some phishing emails warn you that someone is trying to access your account. To avoid stolen funds, scammers convince you to move your money to a different bank by using Zelle or another payment app. But any money you send goes straight to the scammer and can’t be refunded.

The bottom line: Phishing emails are among the most common tactics that scammers use. Engaging with a Bank of America phishing email in any way can put you in danger of fraud and identity theft. Consider protecting yourself (and your bank account) with Aura’s award-winning digital security solution. You can try Aura free for 14 days to see if it’s right for you.

How To Tell If a Bank of America Email Is Legitimate

Scammers intentionally make it hard to determine whether a Bank of America email is legitimate. At first glance, the Bank of America logo, fonts, and design may seem very similar to a real BofA email. But upon closer inspection, telltale signs of phishing start to appear.

By recognizing warning signs in the example below, you can learn how to identify a BofA email scam [*].

Here are some clues indicating that this email is a phishing scam:

• It doesn’t come from an “@BankofAmerica.com” email address. Instead, the scammers have changed the sender’s name to “Bank of America Shopper Gift Card Chance” in an attempt to fool victims. 
• It has strange phrasing and grammatical errors. This email includes random capitalizations, is missing articles, and has generally odd sentence structures. Remember that real Bank of America emails are professionally edited and reviewed multiple times before hitting a customer’s inbox.
• It contains a link that takes you to a suspicious domain. The “Go Here” link at the top and the “GET STARTED NOW” tab at the bottom likely lead to fake sites. If you’re viewing an email on your desktop, you can hover over links or tabs to view the URLs. Always verify the presence of a security certificate (https://) and the words “Bank of America” in the domain name.
• It doesn’t include additional contact methods. Bank of America promotions list terms and conditions at the bottom of their communications. There may also be links to the customer support portal, email preferences, and FAQs.
• It tries to entice you to click with a “special offer.” Scammers use offers, sweepstakes, and contests to draw in victims. Pay special attention to bizarre or mismatched amounts — like $90 in the body versus $50 at the top.

💡 Related: How To Tell If An Email Is From a Scammer [With Examples] →

The 5 Latest Bank of America Phishing Email Scams

1. Employment Development Department scam emails
2. “Your account is suspended” phishing emails
3. Emails about new Bank of America accounts opened in your name
4. Requests to verify your information
5. Fake Bank of America surveys and giveaways

Sadly, many people miss the warning signs of a phishing email. Here are five of the latest Bank of America phishing email scams — Knowing how to identify these scams can help you stay safe and protect your finances:

1. Employment Development Department (EDD) scam emails

EDD scam emails are among the most common Bank of America phishing schemes. 

Scammers send fraudulent emails (or SMS messages) claiming that your prepaid EDD debit card has been suspended. The only way to regain access is to fill out a form that requests sensitive information — including your name, address, and Social Security number (SSN). 

How to spot (and avoid) this Bank of America phishing email scam: 

• Make sure that you’re on the official Bank of America website. It should look like this: https://www.bankofamerica.com/.
• Check the status of your accounts directly — not through links in emails. If you’re concerned about your account status, log in to your Bank of America account directly, via either the bank’s official website or mobile app. Don’t click on any links in emails or text messages.
• Never provide sensitive information on an online form. Bank of America will never ask you to provide your Social Security number, ATM or debit card PIN, or any other sensitive information in an email, text, or online form [*].

💡 Related: How To Protect Your Bank Account From Identity Theft →

2. “Your account is suspended” phishing emails

In another known Bank of America scam, cybercriminals send you an email about unusual activity on your account. To “keep your account safe,” they claim to have temporarily suspended your account and need you to confirm your account details in order to unlock it. 

Then, they ask you to fill out a form or download a file that requests your account number, routing number, credit card number, and other personal information — which all goes straight to the scammer. 

How to spot (and avoid) this Bank of America phishing email scam: 

• Verify that the email is addressed to you. Scammers send thousands of generic emails, waiting for victims to follow through. These emails use generic greetings like “Dear Valued Customer,” “Dear Account Holder,” or “Dear member.”
• Look for vague language. If your account was really hacked, Bank of America can tell you what suspicious activity prompted a suspension, when the activity happened, and what a suspension means for your debit or credit card. Scammers leave out this information.
• Review your Bank of America security settings. Depending on your account settings, Bank of America’s Security Center may send you alerts. Knowing what these notifications look like will help you distinguish them from fake ones.

💡 Related: How To Spot (and Avoid) Apple Phishing Emails →

3. Emails or texts about fraudulent Zelle transfers

Scammers often use the fear of identity theft to their advantage. In one popular Bank of America scam, fraudsters send fake notifications about supposed large transfers made over Zelle (or similar payment transfer apps).

If you respond by saying that you didn’t authorize the transfer, you’ll quickly receive a phone call from someone impersonating BofA’s fraud department. On the phone, they’ll try to convince you to transfer your money to a safer “new account” to protect it from the scammer. 

In reality, the person on the phone is the scammer, tricking you into sending them all of your money. 

How to spot (and avoid) this Bank of America phishing email scam: 

• Don’t make transfers to “protect” your accounts. Bank of America representatives will never advise you to move your money to a different bank, convert it to digital currency, or send it to someone else via Zelle for safekeeping. 
• Log in to your online or mobile banking app. If you want to double-check that the transfer isn’t real, log in to your account directly through BofA’s mobile banking app or official website. 
• Take action if you’ve become a victim of identity theft. If you see an account you didn’t open on your banking portal, contact Bank of America’s security team to close it immediately. At this point, you may actually be the victim of identity theft. Use a Dark Web scanner to see if and where your personal information has been leaked in a data breach. And if you notice any fraudulent charges to your credit cards, lock or freeze your credit to prevent further criminal activity.

4. Requests to verify your information

Identity fraud is a growing threat — there were 150,000 reports of bank-related identity fraud last year. To protect their customers’ accounts, Bank of America implemented identity verification features like two-factor authentication (2FA).

Unfortunately, these features inspired a new scam trend. Fraudsters now send “verification” emails asking you to verify your identity via a downloadable form.

These forms include required fields for your address, SSN, driver’s license number, ATM PIN, account numbers, and credit card numbers. The moment you send back a form containing this data, you become a prime candidate for identity theft.

How to spot (and avoid) this Bank of America phishing email scam: 

• Protect your devices with antivirus software. Email attachments can hide malware. Use antivirus software to scan files before you download them. 
• Always try to log in before sending information. Don’t believe everything you receive in emails or texts. If in doubt, try to log in to your account directly. 
• Never give away authentication codes or passwords. Bank of America will never text, email, or call you asking for an account authorization code or password [*]. If you’re not sure if your account has been compromised, call or chat with a representative using official Bank of America customer service lines [*]. 

💡 Related: How To Protect Yourself from Account Takeover Fraud →

5. Fake Bank of America surveys and giveaways

From time to time, Bank of America will send their customers special offers to open new credit cards or accounts. Scammers put their own spin on this, creating fake sweepstakes and surveys to convince customers to disclose their information.

To collect your prize or be entered into a raffle, scammers request your name, email address, phone number, and credit card number to handle “processing fees.”

How to spot (and avoid) this Bank of America phishing email scam: 

• Check the email subject line. These scams usually include email subject lines like: “Shopper, You can qualify to get a $50 Bank of America gift card,” “(ENDS.SOON) You're-.eligible.to.-receive.-exclusive.rewards,” or “Leave your feedback and you could WIN!”
• Ask yourself if this deal is too good to be true. Scammers are notorious for luring victims with rewards that don’t exist. They often pressure victims into responding quickly with limited-time offers and phrasing like “hurry,” “ending soon,” or “last chance.”

Did You Open or Click on a Link in a Phishing Email? Do This!

If you’ve clicked on a link or engaged with a BofA phishing scam in any way, it’s time for damage control.

• Contact Bank of America’s fraud department. Contact Bank of America’s fraud department immediately at 800-432-1000 [*]. Explain what happened and tell them what information you gave to the scammer. The fraud department will most likely cancel your cards and accounts and issue new ones to you.
• Forward the fraudulent email. Forward any suspicious emails to abuse@bankofamerica.com for processing. But don’t expect a reply — BofA will only respond to ask for additional information. If they determine the communication was fraudulent, they’ll work with law enforcement to locate the source.
• Report the fraud to authorities. Forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org, and report the scam to the FTC at ReportFraud.ftc.gov. Informing the authorities can help find and stop the scammer faster. 
• Secure your account. The Bank of America fraud department may have already done this; but to be safe, you should change your password and enable 2FA. Shred any old bank cards, bank statements, or related documents. 
• Scan your devices for malware. Run an antivirus scan on your computer, and then quarantine and remove any ransomware, worms, or spyware.
• Check your other accounts. If you reuse your banking password for any other accounts (even social media), scammers may gain access to them, too. Change your passwords immediately and run your credit report. If you see suspicious activity, alert your financial institutions and freeze your credit at each credit bureau individually: Experian, Equifax, and TransUnion.
• Secure your identity. Now is the time to invest in an identity theft protection service. Aura continuously monitors your credit, secures your accounts and mobile devices with the most modern cybersecurity tools, and protects your personal identifiable information (PII) — alerting you about fraudulent activity up to 250x faster than other providers.

How To Protect Your Bank Account From Scammers

Bank of America phishing emails are an ongoing threat that puts your bank accounts at risk. And scammers are only getting more and more sophisticated with their schemes.

Besides trying to spot signs of phishing, you can keep predators away by:

• Installing antivirus software on your smartphone and computer
• Using secure and unique passwords and updating them frequently
• Not blindly trusting your caller ID or the “from” name in emails
• Enabling 2FA on all of your accounts
• Never giving out your passwords, PINs, or one-time-use codes (2FA or MFA) to anyone for any reason
• Taking advantage of Bank of America’s free Security Center, enabling push notifications for account balance changes, new device logins, and new scam red flags to watch out for

Navigating all these steps to protect your accounts can feel like a full-time job. Aura takes that weight off of your shoulders.

Aura stays vigilant 24/7, tracking your accounts and personal information online. And if the worst should happen, every adult member on an Aura plan is protected by a $1,000,000 insurance policy for eligible losses due to identity theft. 

Keep your bank account safe from scammers. Try Aura free for 14 days.