How Tom caught a scammer targeting his bank account
I received this email yesterday, is it legitimate?

From: security-alert@hsbc-support-center.com
Subject: ⚠️ Urgent: Suspicious activity detected on your account

Hi Tom,

We detected unusual sign-in activity on your HSBC account ending in 3486. To protect your account, we have temporarily limited access.

Please verify your identity within 24 hours to restore full access:

👉 **Verify my account now**

If you do not verify, your account will be permanently suspended.

HSBC Security Team
This is a phishing email. Do not click any links in it. Here's why it's clearly fraudulent:
The sender domain is fake. Bank of America's real domain is bankofamerica.com. This email comes from bankofamerica-support-center.com — a completely different domain designed to look legitimate at a glance.
The tactics are classic phishing patterns
- Artificial urgency ("24 hours" or "permanently suspended")
- Threats of account loss to pressure you into acting fast without thinking
- Emoji in the subject line to grab attention
- A vague "unusual activity" claim with just enough detail (last 4 digits) to seem credible
The last 4 digits don't mean much
Scammers can obtain partial account numbers from data breaches or simply guess — this detail is meant to make the email feel personalized and trustworthy.
What to do
- Don't click any links in the email
- Mark it as phishing/spam in your email client
- If you're genuinely worried about your BofA account, go directly to bankofamerica.com by typing it in your browser, or call the number on the back of your card
- You can also forward phishing emails to abuse@bankofamerica.com
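
The sender-domain check described in the answer above can be automated. The following is an added example, not part of the original conversation; the `TRUSTED` allowlist, the function names and the sample headers are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: brand token -> domains that brand really sends mail from.
TRUSTED = {
    "bankofamerica": {"bankofamerica.com"},
    "hsbc": {"hsbc.com"},
}

def _squash(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def classify_sender(from_header, trusted=TRUSTED):
    """Return (verdict, brand) for a raw From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # Exact match or a true subdomain of a trusted domain.
    for brand, domains in trusted.items():
        if any(domain == d or domain.endswith("." + d) for d in domains):
            return ("trusted", brand)
    # Brand name embedded in a domain the brand does not own,
    # e.g. brand-support-center.com or brand.com.other.example.
    for brand in trusted:
        if brand in _squash(domain):
            return ("lookalike", brand)
    # Brand only in the display name, address on an unrelated domain.
    for brand in trusted:
        if brand in _squash(name):
            return ("display-name-spoof", brand)
    return ("unknown", None)

# Constructed sample headers; the first is the From: line quoted above.
SAMPLES = [
    "security-alert@hsbc-support-center.com",
    "alerts@bankofamerica-support-center.com",
    "Bank of America <alerts@mail.bankofamerica.com>",
    '"HSBC Security Team" <noreply@example.net>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A `trusted` verdict only covers the visible From: header, which a sender can forge; it does not replace the SPF, DKIM and DMARC results recorded by the receiving mail server.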