Bank of America Phishing Attack?

Last time I had a Bank of America account was over 7 years ago. So I assume this is a phishing attack. It got through Media Temple’s spam filters (Cloudmark + SpamAssassin) and through my webmail spam filter.

Why is this an effective attack? Because banks send out very similar emails. For example, I closed a Chase account last year (after the WaMu takeover) and I received several online banking emails from Chase months after my account was closed.

So if you receive an email like this and you don’t have an account with the bank, understandably you’re assuming it’s a phishing attack. But perhaps worse, there’s also the possibility the bank made an error (database/software incompetence, rogue employee, etc.) and because you have no account you can’t complain. Or, maybe your identity was stolen and the hacker used your actual email address, but doesn’t know your email password, didn’t bother to change it, etc.

Here’s a clue this is a phishing attack: “This is most likely an attempt to gain unauthorized access to your account and/or personal information.” Notice the words “most likely”. Why would a bank jump to that conclusion? Most likely you forgot your password–they don’t want to frighten you unless they’re selling insurance. In other words, read these bank emails carefully.

—

Dear customer

We regret to inform you that your Bank of America Online Account
has been temporarily suspended.
Your account has been suspended after too many failed login
attempts have been made. This is most likely an attempt to gain
unauthorized access to your account and/or personal information.

To resolve this problem we have attached a form to this email.
Please download the form, open it and follow the instructions on
your screen.

Bank of America, Member FDIC
©2010 Bank of America Corporation. All Rights Reserved.