Like many people, I have a Gmail account that I use for personal email. I get all sorts of spam in my account, including multiple phishing attempts. In the past week, I have received 2 phishing attempts claiming to be from Bank of America. I am tired of such emails, and I feel sorry for whoever actually falls for them. So I wanted to give some tips on how to identify a phishing attempt. My comments are marked with << >>.
Subject - Unauthorized Activity << Ok so you expect an email about unauthorized activity >>
From - Bank Of America <firstname.lastname@example.org> << a google.com account? Really? Bank of America isn't sending from their own domain anymore? >>
Dear Bank of America customer, << If you aren't a customer then why are they sending you email? >>
In order to be prepared for the smart card upgrade on Visa and MasterCard debit and credit cards and to avoid problems with our ATM services, we have recently introduced additional security measures and upgraded our software.
<< Ok so the subject isn't about unauthorized activity >>
The security upgrade will be effective immediately and requires our customers to update their ATM card information. Please update your information by following the link given below.
<< A bank will never ask you to update your information by sending you a link. Also, the story doesn't jibe. If they are going to smart cards, then you will need a brand new ATM card. Also, any bank would be able to transfer your current information. >>
http://<some IP address>/online/sslencrypt218bit/online_banking/
<< They try to make it look legit by giving a link that has sslencrypt in it, but it isn't https. Also, it doesn't use the Bank of America domain but an IP address instead. You should never click on a link in an email and provide personal data through that link. I'd avoid clicking links from email anyway. If you want to go to the site, then go to it directly. >>
We are committed to delivering your quality service that is reliable and highly secure. This email is one of many components designed to ensure your information is safeguarded at all times. << They sound like they are doing you a favor and protecting you >>
Please do not reply to this message. For any inquiries, contact Customer Service. << They even tell you to contact Customer service >>
Copyright 1999 - 2007 Bank of America. All rights reserved.
<< Ok that is it... >>
So anyway, here are my overall tips -
1) Never provide financial or personal information through a link you receive in an email.
2) Check that the sender information, as well as any links in the email, actually use the proper domain (bankofamerica.com).
3) Know that a bank or PayPal will never solicit your information by email.
4) Call the business to ask about anything you are unsure about.
5) Never click on a link you receive in an email. Sometimes just clicking on the link can infect your system with something you don't want.
6) Overall, be cautious and suspicious of emails.
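The checks from tip 2 and from the comments on the link above (sender domain, link host, bare IP address, missing https) can be automated. The following is an added example, not part of the original post; the function names and the sample message are constructed for illustration, with 192.0.2.10 standing in for the elided IP address.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_in_domain(host, domain):
    # True when host is the domain itself or one of its subdomains
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def phishing_flags(raw_email, expected_domain):
    """Return warning strings for one plain-text (non-multipart) email."""
    msg = message_from_string(raw_email)
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not host_in_domain(sender_domain, expected_domain):
        flags.append(f"sender domain {sender_domain!r} is not {expected_domain}")
    for url in URL_RE.findall(msg.get_payload()):
        try:
            parts = urlsplit(url)
            host = parts.hostname or ""
        except ValueError:
            flags.append(f"malformed link: {url}")
            continue
        if is_ip(host):
            flags.append(f"link points at a bare IP address: {host}")
        elif not host_in_domain(host, expected_domain):
            flags.append(f"link host {host!r} is not {expected_domain}")
        if parts.scheme.lower() != "https":
            flags.append(f"link is not https: {url}")
    return flags

# Constructed sample modelled on the email above; 192.0.2.10 is a documentation address.
SAMPLE = """\
From: Bank Of America <firstname.lastname@example.org>

Please update your information by following the link given below.
http://192.0.2.10/online/sslencrypt218bit/online_banking/
"""
```

Calling `phishing_flags(SAMPLE, "bankofamerica.com")` returns three warnings: the sender domain, the bare IP address, and the non-https link. The suffix match in `host_in_domain` is deliberate, so a lookalike host such as `bankofamerica.com.evil.example` is still flagged.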
That is the end of my public service announcement.