Bank of America Phishing: How to Stay Safe

TL;DR

Someone has created a fake Bank of America website (a phishing site) to steal your login details. Do not enter any information on the site! This guide shows you how to identify it, report it, and protect yourself.

1. Identifying the Phishing Site

Phishing sites look very similar to the real thing. Here’s what to check:

• URL: Look at the web address (the URL) in your browser’s address bar. Is it exactly https://www.bankofamerica.com? Phishers often use slight variations, like bank-of-america.com or boausafe.com.
• Security Certificate: Check for a padlock icon in the address bar. Click it to view the certificate details and confirm it’s issued to Bank of America. A missing or invalid certificate is a major red flag.
• Grammar & Spelling: Phishing emails and websites often contain errors. Legitimate companies are very careful with their language.
• Suspicious Requests: Be wary of any email or website asking for your username, password, PIN, security questions, or other sensitive information. Bank of America will never ask for this information via email or unsolicited links.

2. What to Do If You Visited the Site

1. Immediately Close Your Browser: Stop interacting with the site right away.
2. Change Your Bank of America Password: Even if you didn’t enter your password, it’s best to be safe. Go directly to the real Bank of America website (https://www.bankofamerica.com) and change your password. Use a strong, unique password that you don’t use anywhere else.
3. Check Your Account Activity: Monitor your account for any unauthorized transactions. Report anything suspicious to Bank of America immediately.
4. Run a Malware Scan: The phishing site may have installed malware on your computer. Run a full scan with your antivirus software.

3. Reporting the Phishing Site

Reporting helps protect others from falling victim.

• Report to Bank of America: Visit the official Bank of America security page (search ‘Bank of America report fraud’) and follow their instructions for reporting phishing attempts.
• Report to the Anti-Phishing Working Group (APWG): You can report phishing sites at [email protected].
• Report to Google Safe Browsing: If you used Chrome, you can report the site through Google Safe Browsing: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

4. Protecting Yourself from Future Phishing Attacks

1. Be Skeptical of Emails: Don’t click links or open attachments in suspicious emails, even if they appear to be from a trusted source.
2. Enable Two-Factor Authentication (2FA): 2FA adds an extra layer of security to your account. Bank of America offers this; enable it if you haven’t already.
3. Keep Your Software Updated: Regularly update your operating system, browser, and antivirus software.
4. Use a Password Manager: A password manager can generate strong passwords and store them securely.
5. Educate Yourself: Stay informed about the latest phishing techniques. Bank of America’s security resources are a good place to start.

5. Checking if a Website is Safe (Advanced)

You can use online tools to check website safety:

• VirusTotal: https://www.virustotal.com/gui/home/url – Enter the URL to see if it’s been flagged as malicious by multiple antivirus engines.
• URLVoid: https://www.urlvoid.com/ – Provides a detailed report on website reputation and potential threats.