Banking

Is the Bank of America text a scam?

Quick answer

Most likely yes if it contains a link or callback number. Real Bank of America fraud alerts come from short codes and ask for a YES/NO reply — never with a link, never asking you to call a number embedded in the message.

Red flags to look for

1
Includes a link or callback number
2
Sender is a regular 10-digit number
3
Asks for your account number, password, PIN, or OTP
4
Threatens immediate account action
5
Uses Bank of America branding but bofa-secure.com type domains

Real examples

Text message

Bank of America: Unauthorized login from Texas. Verify identity: bofa-secure-verify.com or call 1-833-555-0177 now.

Likely Scam

Real BofA does not include verification links or callback numbers in texts. The domain is fake. Calling the number connects to fraud operators.

What to do

Don't tap or call.
Open the BofA app directly, or call 1-800-432-1000 (number on card back).
Forward the text to 7726.
Change your password if you tapped a link and entered anything.
Block and delete.

Not sure about a message? Check it in seconds.

Paste any suspicious text, email, link, or screenshot into Double Check and get a plain-English answer instantly. Free to start. Family alerts included.

Download on the App Store Get for Android

Why scammers use this approach

Bank brand recognition + fraud-alert format trains us to respond quickly. Scammers exploit that conditioning with phishing that feels familiar.

Frequently asked questions

How does the real BofA contact me about fraud?

Short-code SMS with YES/NO reply, an in-app notification, or a phone call to the number on file — never asking you to call a number from a text.