At Knight Abbey, we stress email safety a lot, even though we have employees that don’t use computers day to day at Knight Abbey. Many don’t have email accounts at all. However, we know our employees do use smartphones and have computers at home even if they don’t utilize those items here at the shop. We want them, and you, to be safe, so whenever we find information that will help keep you safe, we like to share it.
We recently received a phishing attempt that looks very convincingly like it came from Bank of America. This is the perfect opportunity to show the differences between a phishing attempt and an actual Bank of America email, since I am a customer.
Let’s compare the two…
On the phishing email (see gallery below), the address says: Bank of America Corporation (BOA), but the actual email address is email@example.com. This clearly isn’t originating from BOA. If you look at the actual BOA email, the address is firstname.lastname@example.org. No legitimate company will have an email origination point from another company outside their corporate identity.
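For readers who filter mail or just want to see the check spelled out, here is the display-name versus real-address comparison as a short Python script. It is an added example, not part of the original emails; the sample headers are constructed, and the brand-to-domain table is an assumption you would fill in for the companies you actually deal with.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand names mapped to the domain each brand really sends from.
BRAND_DOMAINS = {"bank of america": {"bankofamerica.com"}}

# Constructed sample messages (not the emails shown in the gallery).
PHISH = ('From: "Bank of America Corporation (BOA)" <billing@mailer.example.net>\n'
         'Subject: Your charge\n\nSee invoice details.')
LOOKALIKE = ('From: Bank of America <alerts@bankofamerica.com.example.net>\n'
             'Subject: Statement\n\nbody')
LEGIT = ('From: Bank of America <alerts@notify.bankofamerica.com>\n'
         'Subject: Your statement is ready\n\nbody')
OTHER = 'From: Jane Doe <jane@example.org>\nSubject: Lunch\n\nbody'


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a true subdomain of one."""
    domain = domain.lower().rstrip(".")
    # Comparing on a dot boundary rejects 'bankofamerica.com.example.net'.
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def check_from(raw_message):
    """Return (verdict, display_name, domain) for the From header."""
    msg = message_from_string(raw_message)
    # The display name is free text chosen by the sender; only the part
    # after '@' says where the address actually lives.
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower():
            verdict = "match" if domain_matches(domain, allowed) else "mismatch"
            return (verdict, display, domain)
    return ("no-brand-claim", display, domain)


if __name__ == "__main__":
    for sample in (PHISH, LOOKALIKE, LEGIT, OTHER):
        print(check_from(sample))
```

A "match" only means the name and the address agree; the From line itself can still be forged, so the other checks in this post still apply.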
On the phishing email, the line with your “charge” is grammatically incorrect. The word “account” has been left out. Many of these phishing emails come from overseas where the originator has a difficult time with the English language. You will often find grammatical and spelling errors. Not that Bank of America isn’t capable of making mistakes, but they are rare.
On the phishing email, there is an ID Number. Bank of America, and most credit card companies, don’t have ID Numbers. If you look at the legitimate BOA email, there is an account number that only shows the last 4 digits, as well as due dates, minimum amount due, statement balance, etc. This is normal practice across the board for online bill pay.
On the phishing email, there is a link to see your invoice details. DO NOT CLICK THE LINK. This is where they get you. Either they have a virus built in or you get to the site and they ask you to fill in information to “log into your account”. When you do this, you are giving them your account information. On the legitimate BOA email, they give you a link, but they also give you instructions on how to pay your bill. Also, when you click on the link, you will always see a secure “Lock” at the top and the address will clearly be a Bank of America address.
The phishing email will often tell you to go to the site and get information to contact BOA and to never reply to the email. But if you read the disclaimers at the bottom, they are clearly not written very professionally. BOA has legal teams, professional writers and proofreaders that methodically check this information before it is posted and sent to you. This is why you will rarely see badly written information.
If you aren’t sure, look up their number and give them a call. They are more than happy to answer questions if you aren’t sure. They even have a fraud department that they will have you send suspicious emails to.
Be careful out there. The bad guys will do whatever it takes to take advantage of you.