BOfA: Your Bank Card is restricted. To prevent unauthorized transactions, follow (this hyperlink) to take necessary steps to secure your details.
I don’t have a BofA account. Furthermore, when I call the number the text originated from, there is a message that says:
Thanks for the call. Configure your number’s url to change this message. Let us know if we can help you during your development.
The url in the hyperlink is three characters dot two characters slash six characters. Although it leads to what looks like a BofA site (I guess. I’ve never seen one) the url format is one I’ve never seen before. I find it both additionally suspicious and also amusing that they didn’t even change the text displayed for the link to something more convincing.
And do NOT reply to the email, or click on any links in it, or send email to any addresses contained in the email. Any of those things will also tell the sender that they’ve reached a live person, after which you will be fair game for even more of these.
I get several of these every week (not even counting the many more that go into my spam folder). I don’t even bother to do anything with them anymore. I just delete them. Reporting them doesn’t hurt, but it is unlikely to have any effect.
Bank of America (like many other financial institutions) has an address for people to forward phishing emails that were sent in their name: abuse@bankofamerica.com
I don’t know what they do with them when they get them, but I like to imagine they perform some sort of investigation.