An
Email with the Subject "Fraud Alert from Bank Of America ID-720194640" was
received in one of Scamdex's honeypot email accounts on Thu, 22 Mar 2012 09:28:04 -0700
and has been classified as a Generic Scam Email.
The sender shows as "BoA Security Department" <security@bankofamerica.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
atm bankcheckaccounttransactioncustomercustomsecurereportonlinebank from bank securityboaachdear
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => news@scamdex.com
[delivery-date:] => Thu, 22 Mar 2012 09:28:04 -0700
[received:] => Array
(
[0] => from adsl214-245.pool.businesstel.hu ([213.181.214.245] helo=214-245.pool.businesstel.hu)by lester.newsblaze.com with smtp (Exim 4.69)(envelope-from )id 1SAkrS-0004hw-1nfor news@scamdex.com; Thu, 22 Mar 2012 09:28:04 -0700
[1] => from vamx04.bankofamerica.com (HELO vadmzmailmx04.bankofamerica.com)([171.159.192.80])by txslspamp1.vtext.com with ESMTP/TLS/DHE-RSA-AES256-SHA;Thu, 22 Mar 2012 17:27:54 +0100
[2] => from vadmzmailmx07.bankofamerica.com ([171.182.203.234])by vadmzmailmx04.bankofamerica.com (8.13.8/8.13.6) with ESMTP idq2G4xn50017672; Thu, 22 Mar 2012 17:27:54 +0100
[3] => from memva2mta02.bankofamerica.com (memva2mta02.bankofamerica.com[171.186.140.77])by vadmzmailmx07.bankofamerica.com (8.14.3/8.13.6) with ESMTP idq2G4xnqx024313; Thu, 22 Mar 2012 17:27:54 +0100
)
[dkim-signature:] => v=1; a=rsa-sha256; c=relaxed/simple; d=bankofamerica.com;s=corp1; t=1331873990;bh=h8pOL11uZXGyswiHlx2Km0THVjkwyLApPgvAZ+319Ak=;h=Date:From:Subject:To:Reply-to:Message-id:MIME-version:Content-type:Content-transfer-encoding;b=bpTRc0WNp+1x6ygJLPYHIaUltmQuObkWg1aG/fUwg9WhUA3zHuVqZ6ma5Er1wvZ3k0DZKUwwy14Zds0lNwC0OZBB6mnho9GnEBeRXSxFmLiHrxNSdobdEYOZ9MbHm++EbbfRJ36d8iLqI97M0C4g0mP4S9hUvmBcGWqlATr4J1M=
[from:] => "BoA Security Department"
[to:] =>
[subject:] => Fraud Alert from Bank Of America ID-720194640
[date:] => Thu, 22 Mar 2012 17:27:54 +0100
[mime-version:] => 1.0
[x-priority:] => 3
[x-mailer:] => uyzjimzw.79
[message-id:] => <0004185347.R9550C0I867035@wlxijgpjbwwdkr.vccbupwa.info>
[content-type:] => multipart/mixed; boundary="----=a__ejmgleqqcp_22_41_71"
[x-spam-status:] => No, score=1.3
[x-spam-score:] => 13
[x-spam-bar:] => +
[x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: Hello Dear! We have received too many reports from our customersabout fraudulent online and ATM transactions. We have launched a new securitysystem to secure new and old accounts from this kind of fraud. To preventyour checking or savings account from this fraud, update your informationon the attached file which you should download and open. Thank You Bank ofAmerica Security TeamThu, 22 Mar 2012 17:27:54 +0100 H5YG9CCUNS2SS7B0X7QZKL165Hello Dear! We have received too many reports from our customers about fraudulentonline and ATM transactions. We have launched a new security system to securenew and old accounts from this kind of fraud. To prevent your checking orsavings account from this fraud, update your information on the attachedfile which you should download and open. [...] Content analysis details: (1.3 points, 4.0 required)pts rule name description---- ---------------------- --------------------------------------------------0.0 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool orGeneric rPTR1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)0.0 HTML_MESSAGE BODY: HTML included in message0.4 RDNS_DYNAMIC Delivered to internal network by host withdynamic-looking rDNS0.0 KHOP_DYNAMIC Relay looks like a dynamic address
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
Hello Dear!
We have received too many reports from our customers about fraudulent online and
ATM transactions. We have launched a new security system to secure new and old
accounts from this kind of fraud. To prevent your checking or savings account from
this fraud, update your information on the attached file which you should download
and open.
Thank You
Bank of America Security Team
Thu, 22 Mar 2012 17:27:54 +0100 H5YG9CCUNS2SS7B0X7QZKL165
Hello Dear!
We have received too many reports from our customers about fraudulent online and
ATM transactions. We have launched a new security system to secure new and old
accounts from this kind of fraud. To prevent your checking or savings account from
this fraud, update your information on the attached file which you should download
and open.
Thank You
Bank of America Security Team
Thu, 22 Mar 2012 17:27:54 +0100 H5YG9CCUNS2SS7B0X7QZKL165
