I got an email yesterday, supposedly from Bank of America, notifying me that my online account access is blocked. Incidently, I was messing with some alert settings on BoA website the previous night and thought this email might be a result of that..and almost fell for it. Here is a screen shot of the email.
For a moment I thought “Ok, look’s like I clicked something and screwed something up…or BoA hasn’t recovered from it’s recent website fiasco” and was about to click on the link in the email when I started noticing the fishy stuff (see image below). Also, this is the first time I came across a BoA scam…they might have been floating around, but I never got them till now. However, this one was better than some other crappy scam emails I have seen in the past.
Fishy stuff is almost invariably in the form of some typos and stuff that conveys an unnecessary sense of urgency. Also, that link was intended to be masked but it wasn’t apparent from the email directly. I checked up the html and got this code:
Most bloggers are familiar with html and will immediately notice that it’s sort of a botched attempt. Bad job scammers :). For those who are not familiar with html here is what the scammers were trying to do. This link example.com here seems as if it points to “example.com” but if you click on it, it will take you to my archives page. In a similar way, the scammers were trying to fradulently link me to that “http://zicada.com….” stuff by falsely masking it by the Bank of America link. I don’t think they got it right. Anyways, to check where the link would have taken me, I copy-pasted the address in my browser and got this (click on the image to enlarge it):
Ok, now this is not a bad job at all except the “Mother Maiden Name” thing. The only other things that easily blow this off are the url in the address bar (notice the “zicada.com…” whatever), and the lack of a padlock image that is usually present near the right hand bottom corner of your browser window and looks like this: .
Watch out for this scam.I will write about some more tricky scams in future posts. Till then here are some quick tips to avoid getting scammed:
1. If you don’t see this padlock image , never put your sensitive information on such a website/webpage.
2. Watch out for typos and grammar errors. Scammers always seem to be horrible at these things.
3. Don’t click on links in your email unless you have solicited them yourselves. (I won’t add “or unless you get them from a trustworthy source”. I have had utter crap links from very trustworthy people).
There are some more finer points, but that will be a topic for another post.