"During our usual security enhancement protocol, we observed multiple login attempt error while login in to your online banking account," the email says. "We have believed that someone other than you is trying to access your account for security reasons, we have temporarily suspend your account and your access to online banking and will be restricted if you fail to update."
According to PhishTank, the offered link takes potential victims to a very realistically spoofed Bank of America login page:
The fake webpage was located on http://account.safe.bankofamerica.com.flipthisbod.com/home/sign-in/, but has since been made unavailable. Still, the URL in the email can be easily changed to point to another page, so be careful!
If you aren't sure whether the email is legitimate or not, check your account but do not do it by following the link embedded in the email - type in the correct, legitimate URL in the browser's address bar, or use already set up bookmars.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.