Here are some important steps you can take right away if you believe your identity has been compromised:

1. Contact your financial institutions and creditors.
Speak with their fraud departments and explain that someone has stolen your identity.

2. Check your credit reports and place a fraud alert on your file.
Initiate a fraud alert by contacting one of the three credit bureaus (when you contact one credit bureau, the other two bureaus are notified automatically):

• Experian: 888-397-3742
• TransUnion: 800-680-7289
• Equifax: 888-766-0008

3. File an identity theft report and retain it for your records.
Complete a report online at the Federal Trade Commissions (FTC) identity theft website layer and contact your local law enforcement to report the crime.

4. Watch out for suspicious emails, phone calls or text messages asking you for your personal information.
Always verify that the communication is legitimate by calling the organization back through an official phone number.

5. Review our Fraud Prevention Checklist.
Learn simple steps you can take to better protect yourself against fraud and scams.

A merchant compromise is an organized theft of ATM, debit card or credit card information.

We continuously monitor transactions for suspicious activity. If we detect that your Bank of America card may have been part of a merchant compromise, this does not necessarily mean that fraud has occurred (or will occur) on your account. Still, as part of our concern for your security, we may deactivate your current card and issue you a new one as a precaution to help keep your account safe.

Your security is our top priority. Please visit our merchant compromise page to learn how we protect you and to see what you need to do next in the event we notified you that a new card is on the way.

Phishing emails (fraudulent emails that appear to be legitimate) usually contain features that reveal their true intent - if you know what to look for:

• Often the message doesn't address you by name. It also implies urgency, attempting to get you to act quickly before you have time to carefully read the message or examine it thoroughly.
• If you hover over a link in a phishing email, it will usually show you that it's pointing to a site different from the one stated in the message. The goal is to get you to click through to a web page where you'll be asked to provide personal information or open an attachment that may be malicious.
• Phishing messages often contain grammar and/or spelling errors.

Voice phishing is an attempt by a fraudulent source to obtain your identity, credit card details or money by phone. Be suspicious when receiving a phone call if the Caller ID or automated voice appears to be from Bank of America and asks you to confirm account details. We will never contact you asking you for your bank or credit card numbers.

We value our relationship with you. Our products and services are designed with your best interests in mind. Our employees place the highest importance on protecting your information and preventing data loss.

If you believe you've discovered a potential security concern on any Bank of America product, application, service or affiliated site, contact us by emailing security@bankofamerica.com and a member of the Bank of America Security Team will reach out to you.

Please provide the following information in your email:

• Your preferred method of contact and your contact details to discuss your concern.
• A general high-level description of the issue and concern (do not include specific details of your concern until the Bank of America Security team has established a secure communication channel with you)

We ask our employees and customers to look for opportunities to do the right thing in every aspect of their daily lives. Please note submissions are not eligible for compensation.

Watch our guided demos for steps on how to recover your ID or passcode

• Online Banking
• Mobile Banking