Bank of America phishing page in Spanish revealed

Posted byAnti-phishing Leave a comment on Bank of America phishing page in Spanish revealed

This screenshot shows a phishing page impersonating Bank of America, targeting Spanish‑speaking customers. The page mimics the bank’s online login interface to steal online banking credentials (Identificación en línea and Contraseña).

Threat Analysis: Bank of America Phishing – Fake Spanish‑Language Login Page

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The link leads to this fake login page. The victim is asked to enter their online ID and password and click “Entrar.” The credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal online banking credentials to access the victim’s real Bank of America account, view balances, transfer funds, and commit fraud.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not bankofamerica.com. Legitimate Bank of America login pages are only on official bank domains.
  • Unsolicited login request: Bank of America does not send links requiring customers to log in to resolve account issues.
  • Outdated copyright: The footer shows “© 2021” – a phishing page often copies an old year. The real site would show the current year.
  • No personalization or security image: Legitimate Bank of America login pages display a security image or phrase after you enter your online ID. This page lacks that feature.
  • Copied content: The page uses real Bank of America branding and slogans (“Área protegida,” “Miembro de FDIC”), but these are copied from the legitimate site and do not guarantee safety.

What to do if you encounter this:

  • Do not enter your online ID or password.
  • If you are a Bank of America customer, always access online banking by typing bankofamerica.com directly into your browser.
  • If you have already entered your credentials, contact Bank of America immediately to change your password and secure your account.
  • Report the phishing page to Bank of America’s fraud team (e.g., [email protected]).

Protective measures:

  • Bookmark the official Bank of America login page and use that bookmark.
  • Use a password manager – it will autofill only on legitimate bankofamerica.com domains.
  • Enable two‑factor authentication on your bank account.
  • Be suspicious of any unsolicited message that asks you to log in.

Leave a comment

Your email address will not be published. Required fields are marked *