Questions about the Heartbleed bug?
Recent news about the Heartbleed bug may raise questions about your security on our website. Online Banking is safe, and you can continue to access your accounts as usual. More about Heartbleed »
America’s premier Online Banking service incorporates industry-leading safety features that give you greater security and peace of mind as you manage your money. Taking some common-sense steps to protect yourself adds an extra layer of protection to your online experience.
Online Banking security guarantee
We're committed to making Online Banking safe and secure. Our Online Banking Security Guarantee covers the security of your Bank of America accounts, the security of your information and the time processing of your payments.Footnote 1
Industry-leading safety features
Our award-winning internet banking security features like the SiteKey® image and the SafePass® feature provide peace of mind as they help protect you every click of the way.
Our fraud prevention and security systems protect you with the latest encryption technology and secure email communications. Computer anti-virus protection detects and prevents computer viruses from entering our computer network systems while firewalls block unauthorized access by individuals or networks.
Bank of America uses encryption technology, such as Secure Socket Layer (SSL), on its website to transmit information between you and the bank. This protects data in 3 key ways:
- Authentication ensures that you are communicating with us and prevents another computer from impersonating Bank of America
- Encryption scrambles transferred data so that it cannot be read by unauthorized parties
- Data integrity verifies that the information you send to Bank of America is not altered during the transfer. The system detects if data was added or deleted after you sent the message. If any tampering has occurred, the connection is dropped.
Secure your computer
- Make sure your computer is equipped with comprehensive spyware and virus-protection software (Bank of America offers McAfee Internet Security free for 12 months to our customers)
- Consider installing anti-keylogging software, which can detect hidden keystroke logging malware and encrypt the keystrokes made on your computer keyboard
- Make sure your computer is equipped with a firewall, which prevents unauthorized users from gaining access to your computer or monitoring transfers of information to and from the computer
- Be sure to download and install any operating system and software updates (sometimes called patches or service packs) in a timely manner
- Make sure your browser software is up to date
- Consider using Trusteer Rapport security software, which provides online fraud protection for Online Banking transactions (it’s available free from Bank of America)
Monitor your account activity
Check your account activity frequently to detect fraud earlier. You can receive information quickly about activity in your accounts when you set up Alerts. In addition to Alerts that are automatically already turned on for your protection, you can set up additional Alerts to stay on top of your balances, payments and transactions. To set up Alerts, sign in to Online Banking, go to the Alerts tab and select Manage Alerts.
Follow internet security issues in the news and discuss them with friends, family and colleagues. Explore online resources like the National Cyber Security Alliance and Microsoft® Security At Home websites that provide comprehensive information about topics such as securing your computer and safe online behavior. View additional resources
Phishing and spoofing
Phishing and spoofing emails ask you to go to a fake website that looks like Bank of America and provide your personal account information. These emails may even ask you to call a phone number and provide account information. See an example of a fraudulent email
Ways to identify phishing and spoofing emails include:
- Requests for personal information. Bank of America emails will never ask you to reply in an email with any personal information such as your Social Security number, ATM or PIN.
- Urgent appeals. We will never claim your account may be closed if you fail to confirm, verify or authenticate your personal information via email.
- Messages about system and security updates. We will never claim the need to confirm important information due to upgrades and state that you must update your information online.
- Offers that sound too good to be true. For example, you may be asked to fill out a short customer service survey in exchange for money, then be asked to provide your account number to receive the credit.
- Obvious typos and other errors. These are often the mark of fraudulent emails and websites. Be on the lookout for typos or grammatical errors, awkward writing and poor visual design.
Ways to protect against phishing and spoofing:
- Always look for your SiteKey® image when you sign in to Online Banking
- Make sure you are at Bank of America’s website when you sign in to Online Banking. The SiteKey image helps with this, but you can also type www.bankofamerica.com in your browser. If you’re using a secure browser, your address bar will turn green.
- Delete any suspicious email you receive before clicking any links or replying to it
Money mules are unsuspecting victims who become middlemen for criminals trying to launder stolen funds. Common indicators of a money mule scam include overseas companies requesting money transfer agents in the U.S., opening new bank accounts to receive money from someone you don't know, accepting large sums of money into your personal bank account for a new job and transferring or wiring funds out of your personal bank account to people you do not know. Victims of these scams may not only have their bank accounts closed and financial reputations ruined, but often are left financially responsible for returning any stolen funds.
Malware, short for malicious software, includes viruses, spyware and trojans that are designed to infiltrate or damage a computer system, steal personal information and commit fraud. There are several easy ways you can minimize malware risk:
- Never download any file or attachment unless you are absolutely certain what it is and who provided it
- Never click on an advertisement that asks for personal or financial information
- Update your security and system software to protect your computer from malware threats
Vishing uses Voice over Internet Protocol (VoIP) to leave an automated recording on your phone that says your account has experienced unusual activity. The message instructs you to call what appears to be a Bank of America phone number (in fact, the caller ID has been fooled into displaying “Bank of America”). Sometimes criminals also send emails and text messages containing fraudulent phone numbers. Rather than provide any information, you should contact us immediately to verify the validity of the message.