From: Bank Of America [email@example.com]
We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us.
If this is not completed by July 26, 2007, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.
To confirm your Online Banking records click on the following link:
Thank you for your patience in this matter.
Bank Of America Customer Service
Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.
2007 Bank Of America, Inc. All Rights Reserved.
Sneaky bastards. The only part that tipped me off was that when I went to log in, it didn't do the passcode thing. (When you log onto BofA, you enter your username or whatever, then click and come to a new screen where they show you a picture and a word that is unique to your account, so you know it's really them. This site asked for both username and passcode on the same page.) However, I should have known it was a fraud by the sender's email address (@gmail.com) and from the link address (not http://www.bankofamerica.com).
But I hear now that they (spammers) can fake the passcode thing: they get just enough information from you to query the real host, then they relay the correct picture and word back to you. Sneaky! Don't be fooled!
Then a minute ago when I went to show my labmate what had happened, when I clicked on the link again, Firefix popped up a message saying that this page had been marked as potential fraud. Go Firefox!