Spam Attempts to Scam Bank of America Customers

E-mail scammers attempt to steal account information and other personal data from Bank of America customers.

Customers of another bank are being targeted by e-mail scammers attempting to steal account information and other personal data.

The e-mail appears to come from the Bank of America customer support department, but there are several misspellings and grammatical errors that make it easy to identify the message as a fake. The message arrives from with a subject line reading: "Security Server Update." The text of the message includes a graphic header taken from the banks home page.

The message reads, in part:

"Dear Valued Customer,
- Our new security system will help you to avoid frequently fraud transactions and to keep your deposited funds in safety.
- Due to technical update we recommend you to reactivate your account. Click on the link below to login and begin using your updated Bank of America account. To log into your account, please visit the Bank of America website at:
To review your statement, log into your Bank of America account and click the eStatements & eNotices button in the left navigation of your Account Summary page. Your new statement is listed in the left navigation of the page."

The URL in the message points to a page that has been disabled. The IP address for the URL is registered to ISP Verio Inc. A spokeswoman at Bank of America, N.A., based in Charlotte, N.C., said the company found out about the mail Sunday night and has received some calls from customers asking about it.

The company contacted the Secret Service to help in the investigation. "Were working diligently with the authorities to try and identify the person or people behind this," said Betty Riess of Bank of America. "The [fraudulent] site was shut down Monday afternoon."

The Bank of America scam comes a week after news of a similar hoax involving First Union Bank came to light. The First Union scam involves an e-mail that asks recipients to go to a Web site and enter some personal information. The site, which has been taken down, also automatically downloaded a Trojan horse application onto visitors PCs.

Officials at Wachovia Corp., also in Charlotte, which owns First Union, said they are continuing to work with law enforcement to track down the source of the e-mails.

Both the First Union and Bank of America e-mails seem to be going out to random e-mail addresses, much the way spam does. Both customers of the two banks and non-customers are receiving the messages.

Most Recent Security Stories:

Search for more stories by Dennis Fisher.
Find white papers on security.
For more security news, check out Ziff Davis Medias Security Supersite.