skip to main content
Privacy & Security

Report a Suspicious Email

To report a suspicious email that uses Bank of America’s name

If you receive an email that appears to be from Bank of America but you suspect may be fraudulent, forward it to us immediately at abuse@bankofamerica.com.

Why criminals send fraudulent email

One of the ways criminals try to trick people into providing personal account information for identity theft purposes is to send email that appears to have been sent by Bank of America, but has actually been sent by the criminal.

The phony email asks you to go to a website that looks like a Bank of America site, but is actually a site the criminal has set up asking you to provide your personal account information. Sometimes the email may ask you to call a phone number and provide account information.

ShowGet tips on ways to spot a fraudulent email
  • Requests for specific personal information. Bank of America will never ask you to reply to an email with any personal information such as your Social Security number, ATM or PIN number.
  • Urgent appeals. These often take the form of messages claiming that your account may be closed if you fail to confirm, verify or authenticate your personal information. Bank of America will never ask you to verify information in this way.
  • System and security messages. These often claim that the bank needs to confirm important information and you must update your information online. Bank of America will never ask you to verify information in this way.
  • Offers that sound too good to be true. You may be asked to fill out a short customer service survey in exchange for money being credited to your account, then to provide your account number for proper routing of the supposed credit. Bank of America will never request your information in this way.
  • Misspellings and grammatical errors. These are often the mark of fraudulent emails or websites. Be on the lookout for typos or grammatical errors, awkward writing and poor visual design.
  • Odd-looking URLs. Many mail programs will display the destination URL of a link when you place your cursor on the link. (Caution: Do not click the link.) A URL that is formatted bankofamerica.suspicious.com will take you to a page on the suspicious.com site, not the Bank of America site, even though Bank of America is used as part of the URL.

See an example of a fraudulent email.

What you can do

Here are some ways you can protect yourself against phishing and spoofing:

  • Always look for your SiteKey® when you sign in to Online Banking
  • Make sure you are at Bank of America’s website when you sign in to Online Banking. SiteKey helps with this, but you can also type www.bankofamerica.com in your browser. If you’re using a secure browser, it will turn your address bar green.
  • If you receive a suspicious email, do not click on any links or reply to it. Forward it to us immediately at abuse@bankofamerica.com then delete it.

Additional resources