'Phishy' Bank of America e-mail tries to hook recipients

  • Published
  • By Michelle Gigante
  • Air Force Materiel Command Public Affairs
Anyone with a computer can be the target of a phishing scam and military rank offers no protection. This was evident July 3 when Lt. Gen. Terry Gabreski, vice commander of Air Force Materiel Command, discovered a phishing scam in her e-mail inbox.

The e-mail purported to be from Bank of America, which issues the government travel card used by federal employees. Headquarters AFMC receives about three fraudulent Bank of America phishing e-mails weekly, according to Andrew Papp, AFMC's program coordinator for Bank of America's Visa travel card.

Phishing is commonly described as a criminal activity that uses social engineering techniques to extract personal information from computer users. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as trustworthy people or businesses in electronic communication. Phishing is typically carried out using e-mail or instant messages.

Banks and financial institutions report that con artists send millions of fraudulent messages that appear to come from trusted Web sites. This includes Bank of America, which is responsible for the official government travel card for the Department of Defense.

According to Brig. Gen. David Price, the Financial Management director at Headquarters AFMC, everyone is a target and, thus, must be careful when they get a suspicious e-mail.

"If you receive an e-mail asking to update your personal financial information, it's bogus," General Price said. "There are countless phishing scams in use today and new ones are constantly appearing on the net."

Warning signs of the latest scams ask people to "update," "validate," or "confirm" their account information.

Part of the recent Bank of America phishing e-mail included: "With this upgrade, you are required to update your online account to avert any technical error with our processors. Go to the link bellow to update your account."

According to the Federal Trade Commission, the nation's consumer protection agency, phishing e-mails generally appear to be from a business or organization. The messages direct you to a Web site that looks like a legitimate organization's site. But the fake site's sole purpose is to trick people into divulging their personal information. This allows the sites' operators to steal identities and run up bills or commit crimes using someone else's name.

Mr. Papp added that Bank of America proactively monitors phishing attempts through its own research. Bank of America's abuse department shuts down these sites as quickly as possible.

Bank of America provides customers with a variety of tools to identify and report fraud at Bank of America's Web site, which is:


How can computer users not get hooked by a 'phishing' scam?

If you get an e-mail or pop-up message that asks for personal or financial information, do not reply.

Don't email personal or financial information.

Review credit card and bank account statements as soon as you receive them.

Be cautious of attachments that end with .exe, com, .vbs, .bat, or .shs extensions.

Remaining alert and vigilant is important. Clicking a link inside a phisher's e-mail could cause problems. Officials say the best way to deal with phishing attempts is to delete the e-mail.