Spam and phishing scams continue to evolve, becoming more sophisticated all the time. Nevertheless, mistakes in spelling and grammar are still a big red flag when it comes to determining the legitimacy of any supposed business correspondence. As a recent example, I received the following text, purportedly from Bank of America:
During our usual security enhancement protocol, we observed multiple login attempt error while login in to your online banking account. We have believed that someone other than you is trying to access your account, for security reasons we have temporarily suspended your account and your access to online banking has been restricted. We urge you to take few minutes to update your account, failure to this will result to account locked down.
There are at least 6 grammatical errors in this one paragraph, not to mention terrible wording. No legitimate corporation would send out any business communication with this many mistakes.
Another sure-fire indicator that this email was fraudulent was the fact that the embedded links did not resolve to the companies website. To fix my account, I was directed to log in through a link that displayed https://www.bankofamerica.com/privacy/update.jsp as the link text, but the actual address linked to was a URL at thetalentmakers.com, clearly not Bank of America.
These days few if any financial organization are going to rely solely on email to notify someone of suspicious account activity. Finally, in an effort to combat phishing and spoofing, most banks, credit unions, and investment agencies will refrain from using live links in their emails, and will instead ask you to log on to your account on their website using plain text to give the address.
A simple rule of thumb – never click a link or open an attachment in an email unless you are absolutely sure of it’s authenticity.
