Just got a very sophisticated phishing call purporting to be from Bank of America. The friendly recorded voice said it was calling from BofA's fraud protection unit. It was driven by an automated response system that sounded extremely professional.
I didn't run through the suggested menu as it presented supposed suspicious activity on my credit card. I chose to look at the site where they said I could track the activity online(www.myfraudprotection.com). The sign-in screen asked for my account number, which I didn't provide any information. Instead, I went to the Bank of America main site and searched for "fraud protection."
BofA uses different terminology and their fraud page was very different from the fake site's, which still looked official. myfraudprotection.com even had a Verisign popup that seemed in order.
Here's more about the email scheme. But it's the slick new robocall feature that may make this scam work.
UPDATE: It turns out someone did try to use a card I had left inactive for a long time.
Apparently the bank's fraud protection algorithm works pretty well, since they called me after one charge and a second attempt. Too bad all the phishing emails I'd received in the past had made me suspicious of the BofA brand. (BofA had acquired the bank where the card was initially issued, so I didn't have any "brand loyalty.")
It's possible of the two emails I received was legit, but now that they've been deleted and flushed, I can't go back and check more. Nor do I want to. But this has got to make the bank crazy if I'm at all representative of the people who have stopped trusting them because of scammers.