First off I should explain what phishing is. Phishing is basically the act of tricking a victim into divulging information. It involves the receiving of an email message with a link to a website where the victim would enter personal information. In this particular scam, you get an email from "Personal Banking: personalbanking@wellsfargo.com" stating that there may have been some unauthorized access to your account and that you should click the link and enter your account and verify some information. When you click the link you are taken to a site which looks identical to the Wells Fargo site.
If you look at the HTML code of the site, you'll notice that they are almost identical. One thing about this scam which was somewhat surprising is that the message made it past my G-mail spam filter. This is slightly different to scams I have seen before in that they don't ask you to reply to this email with your account number like most others, and they don't ask for passwords or anything like that. They simply request that you log in, as you normally do, which would not raise the eyebrow of normal users. On a closer inspection of the site you will notice that the forms submit the data entered (user name and password) to some foreign script and not to Well Fargo. Most probably, the scammer is having all the usernames and passwords emailed to him. After submission of your information the site responds that your password is incorrect. Here an unsuspecting victim would assume that this was because of the supposed unauthorized access mentioned in the email.
If you try to submit information a few more times, it takes you to another Wells Fargo look-alike page called "Online Banking Verification". Here they ask for SSN number, your ATM card number, the expiration date, the pin number and the CVV2# (4 digit verification). With the ATM information the scammer could max out your debit card. With all the rest of the information he has gathered it would not be at all difficult to call up Wells Fargo and basically take over your account. He could change billing addresses, get checks for you account, and simply wipe it out.
How to spot scams like this
Scams like these are usually easy to spot, but this one in particular was a bit tricky, however there are some basic methods you can use to spot these types of scams.
First of all, check the link. Although it looks like the link is going to Wells Fargo's website, if you let the mouse hover over the link for a while and look in the status bar, you will get the real address of the link. In this case the scammer used just an IP address of his domain or machine. This, however, can be overridden on the internet (if the scammer changes the status bar) and sometimes even in your email, depending on what your security settings are.
Check the address bar. In this case, the address bar reported that the website was also from the scammer's IP address. Simply put, it did not say www.wellsfargo.com. Very seldom would a scammer be able to fake this. They may, however, employ other tricks like buying a domain name with a slight spelling difference that the user might not notice or by simply loading the link in a new window and hiding the address bar altogether.
Lastly, the only full proof method to avoid becoming a victim to a scam like this is to simply call in and verify the information over the phone. Please note; do not use a phone number in the email if one is given. Open up your phone book and locate the number for your firm and ask them about it.
Just remember, if it looks funny and feels funny, it's probably a scam. Do not ever reply to such email messages for personal information as sensitive as account information and SSN.
Below is a copy of the email message for your review and amusement. The link is active, however DO NOT ENTER ANY PERSONAL INFORMATION INTO THESE FORMS. THIS IS NOT WELLSFARO'S SITE.
Kevin. A. Lloyd.
From: Personal Banking < personalbanking@wellsfargo.com >
To: me@me.com
Date: Jun 2, 2005 2:22 PM
Subject: Security Notice #291240 Wells Fargo Internet Banking account
Update Necesary!
Dear Member,
We recently reviewed your account, and suspect that your Wells Fargo Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your acount and of the Wells Fargo network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore your account access, please take the following steps to ensure that your account has not been compromised:
1. Login to your Wells Fargo Internet Banking account. In case you are not enrolled for Internet Banking, you will have to use your Social Security Number as both your Personal ID and Password and fill in all the required information, including your name and account number. 2. Review your recent account history for any unauthorized withdrawls or deposits, and check your account profile to make sure not changes have been made. If any unauthorized activity has taken p! la ce on your account, report this to Wells Fargo staff immediately.
To get started, please click on the link below:
https://online.wellsfargo.com/signon?LOB=CONS
We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire Wells Fargo system. Thank you for your prompt attention to this matter.
Sincerly,
The Wells Fargo Team
Kevin A. Lloyd:
Just launched a website, http://www.DeleteMySpam.com/, dedicated to helping to eliminate the spam crisis.
Nobody wants to pay to remove spyware. At the very... Read More
You and I are a lot alike. We are both... Read More
1. Importance of a Virus Scanner: A Antivirus program can... Read More
A few nights ago I received an email from "2CO"... Read More
Spyware and adware are becoming major problems for online surfers... Read More
Paypal is a great site and is used by many... Read More
Spyware is software that runs on a personal computer without... Read More
If you constantly deal with bank or electronic accounts, it... Read More
The IFCC (Internet Fraud Complaint Center) received over 200,000 complaint... Read More
Watching how the traditional media covers the latest virus or... Read More
The Loss Prevention Manager should be receptive to the needs... Read More
This is the second in a series of articles highlighting... Read More
It's been with us since 1993, it's gotten more intrusive,... Read More
Recently, my site and other internet accounts ( http://www.nabaza.com/sites.htm )... Read More
Spelt phishing, but pronounced as above, this despicable act is... Read More
Have been an Internet user for more than 9 years,... Read More
A firewall is a system or gateway that prevents unauthorized... Read More
Identity theft is one of the most common criminal acts... Read More
The Message Must Get Through ----------------------------- The year is 300A.D.,... Read More
What is a Firewall?The term "firewall" illustrates a system that... Read More
What is Phishing? Phishing is a relatively newly coined term... Read More
Today,on most internet user's computers, we have the ability to... Read More
Phishing: (fish'ing) (n.)This is when someone sends you an email... Read More
If you have used a Windows machine for a while,... Read More
Someone recently told me, "You would have to be a... Read More
This really chapped my lips...I recently bought a new computer.... Read More
NETWORK SECURITIES: IMPORTANCE OF SECURITIESComputers and securities must form a... Read More
Ok, you've got a computer, and you get online. You... Read More
The internet is undoubtedly a fantastic resource for families and... Read More
Computer security for most can be described in 2 words,... Read More
There has not been a time in the history of... Read More
This is the second in a series of articles highlighting... Read More
Identity theft is one of the most common criminal acts... Read More
Have you ever bought a product or service from the... Read More
Remember the television show about the nosy neighbor Mrs. Kravitz... Read More
Ok, ok, I know you've seen them. All those pop... Read More
There is nothing more important that password security in world... Read More
The Threat10 years ago you could probably have run no... Read More
First of all we need to get some terms stated.... Read More
What is Phishing? In a typical Phishing attack, a criminal... Read More
When you signed up for that ultra-fast DSL or Cable... Read More
These six ways to prevent identity theft offer you valuable... Read More
Business on the internet is getting down right shameless. This... Read More
Phishing in its "classic" variant is relatively well-known. Actually, 43.4... Read More
As the number of people using the Internet as an... Read More
Do you sometimes notice your computer running slower. Is your... Read More
Spyware protection software is the easiest way of removing spyware... Read More
It has been said that with the wealth of information,... Read More
What is Phishing? Phishing is a relatively newly coined term... Read More
Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet... Read More
|
|