---
title: "The Scary Phishing Attack on Bank of America | Phish Protection"
description: "The Scary Phishing Attack on Bank of America: Just detecting a phishing attack on a bank isn"
image: "https://phishprotection.com/og/blog/the-scary-phishing-attack-on-bank-of-america.png"
canonical: "https://phishprotection.com/blog/the-scary-phishing-attack-on-bank-of-america/"
---

Quick Answer

Just detecting a \*\*phishing attack\*\* on a bank isn't an extraordinary event. \_There are dozens of phishing attacks per week targeted at the major international banks\_. As phishing targets go, banks are just too enticing for hackers to ignore. And banks, for the most part, understand the threat and are prepared to deal with most attacks. Most!

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-scary-phishing-attack-on-bank-of-america%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=The%20Scary%20Phishing%20Attack%20on%20Bank%20of%20America&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-scary-phishing-attack-on-bank-of-america%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-scary-phishing-attack-on-bank-of-america%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-scary-phishing-attack-on-bank-of-america%2F&title=The%20Scary%20Phishing%20Attack%20on%20Bank%20of%20America "Share on Reddit") [ ](mailto:?subject=The%20Scary%20Phishing%20Attack%20on%20Bank%20of%20America&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-scary-phishing-attack-on-bank-of-america%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/06/protection-from-phishing-0321.jpg) 

Just detecting a **phishing attack** on a bank isn’t an extraordinary event. _There are dozens of phishing attacks per week targeted at the major international banks_. As phishing targets go, banks are just too enticing for hackers to ignore. And banks, for the most part, understand the threat and are prepared to deal with most attacks. Most!

_There are technologies available specifically designed to thwart phishing attacks_. These include [SPF](https://en.wikipedia.org/wiki/Sender%5FPolicy%5FFramework) (Sender Policy Framework), [DKIM](https://en.wikipedia.org/wiki/DomainKeys%5FIdentified%5FMail) (DomainKey Identified Mail) and [DMARC](https://en.wikipedia.org/wiki/DMARC) (Domain-based Message Authentication, Reporting & Conformance). DMARC, an industry standard that _flags messages where the “from” field in an email header has been tampered_, in particular is good for **stopping phishing attacks**. Well, it used to be.

According to an article on [Threat Post](https://threatpost.com/bofa-phish-gets-around-dmarc-other-email-protections/156688/), “_A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month_, with emails that get around **secure gateway protections** and heavy-hitting protections like DMARC.”

_DMARC “ensures emails are authenticated before they reach users’ mailboxes and confirms that they have been sent from legitimate sources_. If configured correctly, potential **phishing emails** can be stopped at the gateway, or redirected to the junk folder.” But this phishing attack bypassed the gateway even with correctly configured DMARC. And that makes this phishing attack scary.

Now, to be sure, _these attackers were very sophisticated. They knew where the cracks in the system were_. For instance, “the attackers used a brand-new, never-before-used URL to set up their **phishing website**. Because the page is hosted on a new domain, it was able to get past any filters that were created to block known bad links.” That doesn’t make it any less scary.

So, what can an ordinary company - not a big international bank with plenty of resources - do to protect itself? Well, contrary to what you just read, you really should institute all the technologies mentioned above (SPF, DKIM, DMARC). No, _they’re not perfect, but they are way better than not using them_. There is one other thing you can do. _Put up another line of defense_.

![Protection from phishing](https://media.mailhop.org/phishprotection/images/2020/06/protection-from-phishing-0321.jpg) 

Another line of defense is **cloud-based email security** like that available from [Phish Protection](/). The secret to putting up a **strong phishing defense** is to _keep all suspicious emails out of your inbox until you can determine whether or not they’re a threat_. And that’s exactly how cloud-based Phish Protection works. Emails intended for you are first routed to the Phish Protection web application where it analyzes it for phishing characteristics, and _if it spots any, it blocks it from forwarding and thereby keeps it out of your inbox_.

Since it’s cloud-based, _Phish Protection requires no hardware, no software, no maintenance and no upfront costs_. And, it **sets up in 10 minutes** with one simple change to the DNS record.

_You can try Phish Protection free of charge for 60 days_. And after the 60 day, when you decide you love it and want to purchase, you’ll discover it only costs **pennies per user** per month. Don’t let the bad guys win. _Try Phish Protection today_

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"The Scary Phishing Attack on Bank of America","description":"The Scary Phishing Attack on Bank of America: Just detecting a phishing attack on a bank isn't an extraordinary event. There are dozens of phishing attacks.","url":"https://phishprotection.com/blog/the-scary-phishing-attack-on-bank-of-america/","datePublished":"2020-06-29T12:41:50.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-06-29T12:41:50.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/the-scary-phishing-attack-on-bank-of-america/"},"articleSection":"foundational","keywords":"Phishing","wordCount":510,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/06/protection-from-phishing-0321.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"The Scary Phishing Attack on Bank of America","item":"https://phishprotection.com/blog/the-scary-phishing-attack-on-bank-of-america/"}]}
```