Fraudulent Email in the Name of Bank of America

There’s an email in my Inbox this morning. The “From” field says “Bank of America” and the subject of the message reads “Account Suspension Case #00302353213” and the body of the message seems legitimate.

The first sign I noticed that this may be a fraudulent email is that the mail says there was an unsuccessful access on “24 June 2006.” It would be more believable if it said “January 5, 2007” rather than “24 June 2006”, as I checked my account last night. And do we really use the “24 June 2006” format?

When I move the mouse cursor over the “click here” link, it shows the following URL:

http://www.fracchetti.it/alessandro/blog//content/www.bankofamerica.com/cgi-bin/common/update%20your%20account%20information/sign%20in/

and the page at the above URL again looks authentic.

In fact, all the links at the bottom of the page are real BoA links, except the three on top right which point to the same URL but with no actual page associated with them.

Actually, I think an easy step to determine whether it’s an authentic message is to check exactly where it is from, not where it claims to be from (the email address). In this case, the email address Bank of America <onlinebanking@alert.bankofamerica.comcom> is already suspicious. Once I clicked the Full Header option (not the compact header, which only shows From, To, and Subject) in my Yahoo email, the entire path of how this message reached my mailbox was revealed:

From Bank of America Fri Jan  5 10:34:38 2007
X-Apparently-To: —@yahoo.com via 206.190.39.155; Sat, 06 Jan 2007 07:53:18 -0800
X-Originating-IP: [70.86.247.130]
Return-Path: <nobody@server3.polaristar.com>
Authentication-Results: mta352.mail.mud.yahoo.com  from=alert.bankofamerica.comcom; domainkeys=neutral (no sig)
Received: from 70.86.247.130  (EHLO server3.polaristar.com) (70.86.247.130)
by mta352.mail.mud.yahoo.com with SMTP; Sat, 06 Jan 2007 07:53:17 -0800
Received: from nobody by server3.polaristar.com with local (Exim 4.52)
id 1H2ttm-00039v-En
for —@yahoo.com; Fri, 05 Jan 2007 12:34:38 -0600
To: —@yahoo.com
Subject: Account Suspension Case #00302353213
From: Bank of America  <onlinebanking@alert.bankofamerica.comcom>
Reply-To: b-SEA-707363805-1@alert.bankofamerica.com
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1H2ttm-00039v-En@server3.polaristar.com>
Date: Fri, 05 Jan 2007 12:34:38 -0600
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – server3.polaristar.com
X-AntiAbuse: Original Domain – yahoo.com
X-AntiAbuse: Originator/Caller UID/GID – [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain – server3.polaristar.com
X-Source:
X-Source-Args:
X-Source-Dir:
Content-Length: 1337

Though this apparently is a scam email, Yahoo’s DomainKeys failed to flag it. And the email was sent from server3.polaristar.com, which has nothing to do with Bank of America. Using a free IP lookup tool at IP2Location.com, I found the sender’s location is Dallas, Texas.
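The header comparison described above, as an added Python example that is not part of the original post: it parses a few of the headers shown and reports where the claimed sender and the actual delivery path disagree. The function names and the `claimed_org` parameter are assumptions of this example, and the EHLO pattern matches only the Received format seen in this message.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message above (body replaced by a stub).
SAMPLE = """\
Return-Path: <nobody@server3.polaristar.com>
Authentication-Results: mta352.mail.mud.yahoo.com  from=alert.bankofamerica.comcom; domainkeys=neutral (no sig)
Received: from 70.86.247.130  (EHLO server3.polaristar.com) (70.86.247.130)
 by mta352.mail.mud.yahoo.com with SMTP; Sat, 06 Jan 2007 07:53:17 -0800
From: Bank of America  <onlinebanking@alert.bankofamerica.comcom>
Reply-To: b-SEA-707363805-1@alert.bankofamerica.com

body
"""

def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if none."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def under(host, org):
    """True when host is org itself or a subdomain of it."""
    return host == org or host.endswith("." + org)

def check_headers(raw, claimed_org):
    """List the ways the headers contradict a claim to come from claimed_org."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    if not under(from_dom, claimed_org):
        findings.append(f"From domain {from_dom} is not under {claimed_org}")
    rp_dom = domain(msg["Return-Path"])
    if rp_dom and not under(rp_dom, claimed_org):
        findings.append(f"Return-Path domain {rp_dom} is not under {claimed_org}")
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # The topmost Received header is written by the recipient's own mail server.
    received = (msg.get_all("Received") or [""])[0]
    m = re.search(r"\(EHLO\s+([^\s)]+)\)", received)
    if m and not under(m.group(1).lower(), claimed_org):
        findings.append(f"Delivered by {m.group(1)}, not a {claimed_org} host")
    m = re.search(r"domainkeys=(\w+)", msg["Authentication-Results"] or "")
    if m and m.group(1) != "pass":
        findings.append(f"DomainKeys result is {m.group(1)}, not pass")
    return findings
```

Calling `check_headers(SAMPLE, "bankofamerica.com")` returns five findings for this message; any one of them is enough reason not to follow the link.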

After determining that this is a fraudulent email, I forwarded the entire message to BoA for further investigation. In the reply email, BoA says

Thank you for contacting Bank of America to report a potentially fraudulent mail, commonly referred to as a “phishing” email. We take your security very seriously and will investigate this matter immediately. If our investigation determines that the email is fraudulent, we will take steps to have the site shut down.

I only hope they can really do what they promised to do: “have the site shut down.”


Author Info

This post was written by Sun.

4 Responses to “Fraudulent Email in the Name of Bank of America”

  1. TJP |  Jan 07, 2007 at 3:19 pm

    There’s a lot of BofA fraud out there. I used to get fraudulent telemarketing calls all the time.

    It seems everyone’s getting in on the act now. Thanks for the heads-up since I own multiple accounts with Bank of America.

    Nice investigative work!

  2. Golbguru |  Jan 08, 2007 at 7:14 pm

    Good catch…BoA seems to be a favorite target for scammers.

    I am surprised why scammers can be so dumb as to make those “24 June 2006” thing… while they are smart enough to make a website and design it to steal your information. :) They always make some stupid mistake :)