The “Bank of America – Action Required: Debit Card Restricted” phishing email is a scam that impersonates Bank of America to trick recipients into visiting a fraudulent website and disclosing sensitive information. Although the keyword associated with this campaign is “Bank of America – Action Required: Debit Card Restricted”, the analyzed email itself uses the subject line “Completed: Review and sign merchant charges reversal” and falsely claims that a refund request for disputed merchant charges has been approved.

 

 

According to the email, Bank of America has completed an investigation into unauthorized merchant charges and has issued a refund. Recipients are told that important information regarding their claim is available and are instructed to click a “Review and accept approval” button to review and sign the refund documentation. The message also includes a statement claiming that it is a survey email and mentions Medallia, Inc. in an attempt to appear more credible.

The email does not provide access to a legitimate Bank of America document. Instead, the “Review and accept approval” button redirects recipients to a phishing website controlled by cybercriminals. The fraudulent page is designed to collect confidential information by imitating an official Bank of America login or verification portal.

Depending on the phishing page presented to the victim, users may be asked to enter online banking credentials, personal information, payment card details, or other sensitive data. Any information submitted through the fraudulent website is transmitted directly to the operators of the phishing campaign rather than to Bank of America.

The scam relies on convincing recipients that they are entitled to money. By informing users that a merchant charge dispute has already been resolved in their favor, the attackers attempt to encourage immediate interaction with the email. Recipients who do not remember submitting a dispute may nevertheless open the message out of curiosity, while those who have recently contacted their bank may find the notification particularly convincing.

Another characteristic of the “Bank of America – Action Required: Debit Card Restricted” phishing email is the inclusion of legitimate company names to strengthen its credibility. References to Bank of America and Medallia, Inc. do not indicate that either organization is connected to the phishing campaign. Attackers frequently copy names, logos, and branding from well-known companies to make fraudulent emails appear authentic.

Anyone who entered credentials or financial information after clicking the “Review and accept approval” button should immediately contact their financial institution, change any affected passwords, and review their accounts for unauthorized activity. If banking credentials or payment card information were disclosed, the bank should be informed as soon as possible so that appropriate protective measures can be taken.

The full “Bank of America – Action Required: Debit Card Restricted” phishing email is below:

Subject: Completed: Review and sign merchant charges reversal

Bank of America

Dear -,

We’re informing you of your recently approved merchant charges refund. We completed our investigation on your unrecognized merchant charges, and have sent you important information about your claim

[Review and accept approval]

This is a survey email from Bank of America. Bank of America has contracted with Medallia, Inc. to conduct this survey which will help us better serve you

How to recognize phishing emails impersonating banks

Unexpected emails claiming that a refund, reimbursement, or dispute resolution has already been completed should be treated cautiously, especially if the recipient did not initiate the process. Messages encouraging users to review documents or accept approvals through embedded buttons are commonly used in phishing campaigns.

Recipients should also verify where email links lead before interacting with them. A button claiming to open Bank of America documents should direct users only to an official Bank of America domain. If the destination website uses an unrelated domain name, the message should be considered suspicious.

The sender’s address should also be examined carefully. Phishing emails often use display names associated with trusted organizations, while the underlying email address belongs to an unrelated domain.
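The link-destination and sender-address checks from the two paragraphs above can be automated for a saved message. The following Python sketch is an added example, not part of the original article; the allowlist, the sample message, and the `.example` domains are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the impersonated organization really uses; extend as needed.
OFFICIAL_DOMAINS = {"bankofamerica.com"}
BRAND_WORDS = ("bank of america",)

# Constructed sample modelled on the email quoted above; domains are placeholders.
SAMPLE_EML = """\
From: "Bank of America" <notice@mailer.example>
Subject: Completed: Review and sign merchant charges reversal
Content-Type: text/html; charset="utf-8"

<p>We completed our investigation on your unrecognized merchant charges.</p>
<a href="https://bankofamerica.com.refund-review.example/sign">Review and accept approval</a>
<a href="https://www.bankofamerica.com/privacy/">Privacy</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_official(host):
    # Exact match or true subdomain only; a brand name used as a prefix does not count.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def check_email(raw):
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    # Display name claims the brand, but the address belongs to another domain.
    if any(w in display.lower() for w in BRAND_WORDS) and not is_official(sender_domain):
        findings.append(("sender-mismatch", sender_domain))
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not is_official(url.hostname):
            findings.append(("link-off-domain", url.hostname))
    return findings
```

An empty result only means these two checks passed; it does not prove that a message is legitimate.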

Another warning sign is any request to sign in after following a link received in an unsolicited email. Legitimate banking services can be accessed by manually navigating to the institution’s official website instead of using links contained in unexpected messages.

If an email claims that a banking dispute has been resolved or a refund has been approved, the safest approach is to verify the information directly through the bank’s official website, mobile banking application, or customer support. Avoid using contact information or links provided in the email itself until the notification has been independently confirmed.
