Skip to main content
Privacy & Security

Recognizing Fraud FAQs

  • Hide What is email fraud?

    Email fraud, often called phishing, typically involves the use of deceptive emails that ask you to provide sensitive personal, financial or account information. The emails may strongly indicate they come from an organization you do business with, but often contain spelling or grammatical errors and a sense of urgency about returning your information quickly to avoid a penalty or win a prize.

    A fraudulent email may ask you to supply information in a return email, in a separate form attached to the email or by visiting a fraudulent website using a link contained in the email message. The people attempting to get this information may use it to access your accounts directly in order to withdraw money or to open new accounts in your name using your information.

    Bank of America will never ask you to provide your Social Security number, ATM or debit card PIN or any other sensitive information in response to an email. If you receive an email from Bank of America and you're not sure if it's real, don't click on any links in the email. Learn more about email fraud

  • Show How do I recognize email fraud?

    Recognizing email fraud isn’t always easy. The criminals who use email and online fraud to try and get your personal, financial or account information are adopting increasingly sophisticated techniques.

    You should always approach unsolicited email containing urgent appeals for security or personal information with great caution. Be sure to confirm the validity of email messages that appear to come from trusted sources by carefully examining the email address itself, as well as the content within it.

    All email we send to you contains authentication markers (such as a digital signature), which help your email provider or software determine whether or not it is junk mail. If an email appears to be from Bank of America but ends up in your junk email folder, leave it there. (Note that if the email address we have on file for security alerts is one you automatically forward to another personal email account, it increases the likelihood that your email provider or software will incorrectly classify it as junk mail.)

    Bank of America will never ask you to provide your Social Security number, ATM or debit card PIN or any other sensitive information in response to an email. If you receive an email from Bank of America and you're not sure if it's real, don't click on any links in the email.

  • Show How do I report a suspicious email?

    Please forward any email that you suspect may be fraudulent to abuse@bankofamerica.com

    Thank you for bringing this suspicious email to our attention. Bank of America takes any attempts to fraudulently use our brand or impersonate a bank representative very seriously. Our team reviews all submissions; we will only reply to your message if we require additional information.

    Did you know?
    Bank of America offers Online Banking customers access to free anti-virus and spyware products. Learn about other ways to keep your information safe while using Online Banking.

  • Show How do I recognize fraudulent text messages that appear to be from Bank of America?

    Just as criminals try to steal from people through email fraud, they also try to steal through text message fraud. Typically known as SMShing or Smishing (phishing that happens through SMS text messages), the process is simple: A criminal sends a text message intended to trick you into replying with financial or personal information or clicking on a link that will sneak a virus onto your mobile device.

    Follow these tips to be on guard against Smishing:

    • Don’t respond to a text message that requests personal or financial information. Bank of America often sends messages from SMS short numbers for alerts, but we will never ask you for personal or financial information in a text message.
    • Verify any phone number that appears in a text message. If you’re in doubt, call the client service number on our Contact Us page, on your statement or on the back of your credit, debit or ATM card.
    • If you receive what appears to be a fraudulent text message, we urge you to report it immediately. Forward any Bank of America-related messages to abuse@bankofamerica.com. Include the number the message came from and a copy of the message itself.
    • Many carriers allow you to report spam by forwarding unsolicited text messages to 7726 (which spells SPAM). As with many other spam-reporting systems, this will help eliminate spam messages for everyone.

    Get more information about online and mobile security

  • Show How do I recognize fraudulent phone calls that seem to be from Bank of America?

    Phone fraud, typically known as vishing (phishing that happens through a phone call), can be just as deceptive and damaging as email or text fraud. A criminal calls and poses as a legitimate bank or trusted financial service and tries to trick you into providing your financial or personal information. Often the caller notifies you of a non-existent alert or some sort of urgent matter as a way to trick you.

    Unfortunately, caller ID is not always a reliable way to confirm the identity of the caller: Caller ID can be manipulated to make a call from one number appear to be from another number. Never share any personal or financial information with anyone unless you are absolutely certain who you’re speaking with.

    If you receive a suspicious call, text or email from someone claiming to be Bank of America and you provided personal or financial information and you have any doubt about the legitimacy of the call, hang up immediately and call the client service number on our Contact Us page, on your statement or on the back of your credit, debit or ATM card.

    If you receive what appears to be a fraudulent phone call, we urge you to report it immediately by sending the phone number and any pertinent information to abuse@bankofamerica.com. Be sure to include any relevant details, such as whether the suspicious caller attempted to impersonate Bank of America and whether any personal or financial information was provided to the suspicious caller.

    Get more information about account and card security

  • Show What are the most common signs of identity theft?

    Identity theft occurs when someone uses your personal identifiable information to commit fraudulent acts such as withdrawing money from your bank account, opening new credit cards, applying for loans or even gaining employment. The most common signs of identity theft include:

    • Unauthorized withdrawals from your bank account
    • Bills for unfamiliar debt or failure to receive bills
    • Suspicious charges on your accounts
    • New accounts or loans you didn’t apply for
    • Being denied credit unexpectedly
    • The IRS notifying you that more than one tax return was filed in your name, or that you have income from an employer you don't work for
  • Show What steps can I take to help protect myself against identity theft?

    Here are some proactive steps you can take now to help protect yourself from identity thieves:

      • Review your credit report frequently and carefully by requesting a free copy of your credit report every 12 months from www.annualcreditreport.com
      • Download the Bank of America Mobile Banking app and allow push alerts for more secure communication about your accounts. Keep your contact information, especially your cell phone number and email address, current. Review and respond to alerts promptly. Turn on location services when making a purchase or signing in and allow location-based anti-fraud and security permissions.
      • Create complex passwords and PINs not easily associated with you, memorize them and use multi-factor authentication (for example: a password plus a one-time authorization code) when available each time you sign in to Online or Mobile Banking. Use a strong, unique password for each of your accounts. Visit the What you can do tab on our Online Banking security page for tips on how to create strong passwords.
      • Equip your computer with comprehensive malware and virus protection software. We offer McAfee LiveSafe™ to protect your PCs, smartphones and tablets from viruses, malware and phishing in one subscription free to our clients for up to 12 months.
      • Consider using Trusteer Rapport™, browser-based security software from IBM. It will fix most malware if your computer is infected, and it warns you if you attempt to navigate to a risky site. We provide it at no charge to our clients. (Mac users: Please note that Mozilla Firefox is currently the only browser supported by Trusteer Rapport.)
      • Only download software or applications from well-known and trusted sources
      • Stay current with any operating system and software updates (sometimes called patches or service packs) for your computer and your internet browser
      • Never click on suspicious links in text messages or emails

    Various security pages on our site, for example Online & Mobile Security and Account & Card Security, contain specific information under the What you can do tab on the page. You should also familiarize yourself with our privacy notices and watch the short Keeping your financial information safe video from Better Money Habits.

  • Show What should I do if my identity has been stolen?

    Identity theft occurs when someone uses your personal identifiable information to commit fraudulent acts such as withdrawing money from your bank account, opening new credit cards, applying for loans or even securing employment.

    The most common signs of identity theft include:

    • Unauthorized withdrawals from your bank account
    • Bills for unfamiliar debt or failure to receive bills
    • Suspicious charges on your accounts
    • New accounts or loans you didn’t apply for
    • Being denied credit unexpectedly
    • The IRS notifying you that more than one tax return was filed in your name, or that you have income from an employer you don't work for

    If you suspect your personal information has been compromised:

    • Contact us immediately to report fraudulent activity and close all accounts that were tampered with or fraudulently established
    • Consider filing a police report depending on the level of fraud, and ensure you have the report ready if needed for proof with creditors
    • Visit the Identity Theft Resource Center, a nonprofit for U.S. consumers, for step-by-step instructions, form letters and other resources for theft resolution
    • File a complaint with the Federal Trade Commission. The FTC maintains a database of identity theft cases used by U.S. law enforcement agencies for investigations.

    If you've been the victim of identity theft, we're here to help. If you have a credit or debit card with us, we'll cancel your card and issue a replacement immediately (you won’t be liable for any fraudulent activity). Our page on resolving identity theft has additional information and steps for you to follow that you should find helpful.

Additional resources