Bank of America email - Phishing scam?

epiLog · #1 09-14-2007, 12:48 PM

I altered the actual link they wanted me to click on for obvious reasons.

So I'm checking my email and find this one. Obv it's most likely a scam since I'm not american and I'm not a Bank of America customer. Anyone else received this same email and know something about where it comes from? Last few days I've been emailing alot with ecash-direct which are the ones handling the cashier part of Interpoker. I'm also thinking that it might have something to do with the pokertracker-site being hacked and that could have gotten my email that way.

From info@joinus.com & *** Important Notice From Bank Of America *** in the headline.

We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us.

If this is not completed by September 15, 2007, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.

To confirm your Online Banking records click on the following link:
http://xx.xxx.xx.xxx/bankofamerica/verify.html

Thank you for your patience in this matter.

Bank of America Customer Service

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.

2007 Bank of America Corporation. All rights reserved.

JoseMartenez · #2 09-14-2007, 12:59 PM

Ah, these are fairly common, abd I wouldn't believe that it has anything to do with online poker at all. My ma received an e-mail like this a while back as well, doesn't have a Bank of America account and has never played online poker. They just get a bunch of e-mail addresses and try them all. Throw it at the wall, see what sticks. Odds are there are a couple people out there with BoA accounts who are dumb enough to fall for something like this.

I used to get e-mails like this all the time from a "First Third" bank or something. Then when I was on vacation and actually saw the bank, it made me laugh. Bottom line, don't worry about it, but do check your accounts once or twice a day over the next week if you are really concerned.

FWIW, I think you're fine.

BradleyT · #3 09-14-2007, 01:05 PM

I get like 8 of these per day - none are legit. The only legit ones I get tell me to pay my goddamn bill.

Oliver Nipples · #4 09-14-2007, 01:07 PM

Never log into anything that does not have your sitekey on it.

epiLog · #5 09-14-2007, 01:14 PM

I'm mostly interested in where it might come from. Just seems like too much of a coincidence that I receive this after a few days of intense emailing with ecash-direct aswell as fiddling quite a bit with my neteller & bank account. Maybe it's that [censored] promotion neteller runs atm that required me to enter my email.

nineinchal · #6 09-14-2007, 01:17 PM

That's an old one. It looks very realistic though.

JoseMartenez · #7 09-14-2007, 01:21 PM

It's promotion that places run, then they sell their e-mail lists and they get out there. There are companies that just do nothing but gather e-mail addresses on the list and sell them to presumably direct marketers to sell you crap. But of course, they sometimes sell them, knowingly or not, to phishers.

A good test is to copy a small portion of the e-mail that's not time sensitive (a sentence perhaps), slap some quotes around it and throw it into google. You're more than likely to find someone or multiple people with the same e-mail or a phishing-prevention website reporting it as a scam.

pocketpared · #8 09-14-2007, 02:26 PM

At least this phisher knows how to spell.

Quanah Parker · #9 09-14-2007, 02:33 PM

Maybe we should all reply with bogus account numbers and passwords.

BradleyT · #10 09-14-2007, 02:44 PM

[ QUOTE ]
Maybe we should all reply with bogus account numbers and passwords.

[/ QUOTE ]

I used to do that. However now they use tracking numbers to know which email addresses are valid.

In the old days the link would go to www.example.com/bankofamerica.html
Now they go to www.example.com/bankofamerica?23a289fde32

When you click the 2nd link and the page loads it looks up 23a289fde32 in the database and verifies the e-mail address associated with that ID. Each e-mail uses a different series of numbers for tracking purposes so they can track who is clicking the links and send them even more spam.

They can also use uniquely named invisible .gifs in the e-mails so once you view the graphics in the e-mail they know you're a valid e-mail address.