Wells Fargo Report Phishing Scam

First off I should explain what phishing is. Phishing is basically the act of tricking a victim into divulging information. It involves the receiving of an email message with a link to a website where the victim would enter personal information. In this particular scam, you get an email from "Personal Banking: personalbanking@wellsfargo.com" stating that there may have been some unauthorized access to your account and that you should click the link and enter your account and verify some information. When you click the link you are taken to a site which looks identical to the Wells Fargo site.

If you look at the HTML code of the site, you'll notice that they are almost identical. One thing about this scam which was somewhat surprising is that the message made it past my G-mail spam filter. This is slightly different to scams I have seen before in that they don't ask you to reply to this email with your account number like most others, and they don't ask for passwords or anything like that. They simply request that you log in, as you normally do, which would not raise the eyebrow of normal users. On a closer inspection of the site you will notice that the forms submit the data entered (user name and password) to some foreign script and not to Well Fargo. Most probably, the scammer is having all the usernames and passwords emailed to him. After submission of your information the site responds that your password is incorrect. Here an unsuspecting victim would assume that this was because of the supposed unauthorized access mentioned in the email.

If you try to submit information a few more times, it takes you to another Wells Fargo look-alike page called "Online Banking Verification". Here they ask for SSN number, your ATM card number, the expiration date, the pin number and the CVV2# (4 digit verification). With the ATM information the scammer could max out your debit card. With all the rest of the information he has gathered it would not be at all difficult to call up Wells Fargo and basically take over your account. He could change billing addresses, get checks for you account, and simply wipe it out.

How to spot scams like this

Scams like these are usually easy to spot, but this one in particular was a bit tricky, however there are some basic methods you can use to spot these types of scams.

First of all, check the link. Although it looks like the link is going to Wells Fargo's website, if you let the mouse hover over the link for a while and look in the status bar, you will get the real address of the link. In this case the scammer used just an IP address of his domain or machine. This, however, can be overridden on the internet (if the scammer changes the status bar) and sometimes even in your email, depending on what your security settings are.

Check the address bar. In this case, the address bar reported that the website was also from the scammer's IP address. Simply put, it did not say www.wellsfargo.com. Very seldom would a scammer be able to fake this. They may, however, employ other tricks like buying a domain name with a slight spelling difference that the user might not notice or by simply loading the link in a new window and hiding the address bar altogether.

Lastly, the only full proof method to avoid becoming a victim to a scam like this is to simply call in and verify the information over the phone. Please note; do not use a phone number in the email if one is given. Open up your phone book and locate the number for your firm and ask them about it.

Just remember, if it looks funny and feels funny, it's probably a scam. Do not ever reply to such email messages for personal information as sensitive as account information and SSN.

Below is a copy of the email message for your review and amusement. The link is active, however DO NOT ENTER ANY PERSONAL INFORMATION INTO THESE FORMS. THIS IS NOT WELLSFARO'S SITE.

Kevin. A. Lloyd.

From: Personal Banking < personalbanking@wellsfargo.com >
To: me@me.com
Date: Jun 2, 2005 2:22 PM
Subject: Security Notice #291240 Wells Fargo Internet Banking account
Update Necesary!

Dear Member,
We recently reviewed your account, and suspect that your Wells Fargo Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your acount and of the Wells Fargo network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore your account access, please take the following steps to ensure that your account has not been compromised:

1. Login to your Wells Fargo Internet Banking account. In case you are not enrolled for Internet Banking, you will have to use your Social Security Number as both your Personal ID and Password and fill in all the required information, including your name and account number. 2. Review your recent account history for any unauthorized withdrawls or deposits, and check your account profile to make sure not changes have been made. If any unauthorized activity has taken p! la ce on your account, report this to Wells Fargo staff immediately.

To get started, please click on the link below:

https://online.wellsfargo.com/signon?LOB=CONS

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire Wells Fargo system. Thank you for your prompt attention to this matter.

Sincerly,
The Wells Fargo Team

Kevin A. Lloyd:

Just launched a website, http://www.DeleteMySpam.com/, dedicated to helping to eliminate the spam crisis.

In The News:
Erin Kuiper named General Manager of InBuckeye, the city's only hyperlocal news source
Introducing "¡Skewed Up!" Your New National Online Humor NewZine
Deep analysis of a quirky documentary "Prince of Eurasia: Monotheism and Devils" of the director and executive producer Prince Oak Oakleyski
Ingrid Smith Home Alone on the Phone!
"Jim Peters At Night" Does Its 100th Show

pen paper and inkwell


cat break through


Securities

NETWORK SECURITIES: IMPORTANCE OF SECURITIESComputers and securities must form a... Read More

Identity Theft Offline -- So Many Possibilities

Chris Simpson, head of Scotland Yard's computer crime unit was... Read More

Everything You Need To Know About Spyware and Malware

You are at your computer, checking out software on EBay.... Read More

Mall Protection

The Loss Prevention Manager should be receptive to the needs... Read More

The Risk Of Electronic Fraud & Identity Theft

Electronic Fraud and Identity Theft Human beings are pretty... Read More

Just Whos Computer is this Anyway?

Well, this is an article I never thought I would... Read More

Be Alert! Others Can Catch Your Money Easily!

So called phishers try to catch the information about the... Read More

What Can Be Done About Spyware And Adware

Having a good Spyware eliminator on your computer is vital... Read More

Top Ten Spyware and Adware Threats Identified

On December 8, 2004 Webroot, an award winning anti-spyware solution... Read More

The Top Twelve Threats No Computer User Should Ignore

The internet is undoubtedly a fantastic resource for families and... Read More

Internet Scams: Dont be a Victim

As the number of people using the Internet as an... Read More

Firewall Protection - Does Your Firewall Do This?

The first thing people think about when defending their computers... Read More

Virus Prevention 101

Blaster, Welchia, Sobig, W32, Backdoor, Trojan, Melissa, Klez, Worm, Loveletter,... Read More

IPv6 - Next Step In IP Security

IPv6, IntroductionThe high rate at wich the internet continualy evolves... Read More

Virus and Adware - Fix them Both!

We all get the odd virus now and then, but... Read More

Spyware, What It Is, What It Does, And How To Stop It

Spyware is software that runs on a personal computer without... Read More

Can I Guess Your Password?

We all know that it's dangerous to use the same... Read More

Website Security - Creating a Bulletproof Site in 5 Easy Steps

When it comes to a secure website and passwords it... Read More

Top Five Spyware Fighting Tips

Spyware and adware are becoming major problems for online surfers... Read More

What is Spyware?

The most frustrating part of having Spyware on your computer... Read More

Ransom Trojan Uses Cryptography for Malicious Purpose

Every day millions of people go online to find information,... Read More

Social Engineering: You Have Been A Victim

Monday morning, 6am; the electric rooster is telling you it's... Read More

Its War I Tell You!

There are ways to insure security though. You can get... Read More

Crack The Code - Thats A Direct Challenge

I Challenge You To Crack The Code ------------------------------------- I had... Read More

Identity Theft - Dont Blame The Internet

Identity theft ? also known as ID theft, identity fraud... Read More

A Personal Experience with Identity Theft

Some months ago, before there was much publicity regarding phishing... Read More

Detect Spyware Online

You can detect spyware online using free spyware cleaners and... Read More

5 Simple Steps to Protect your Digital Downloads

A couple of days ago, I was searching for a... Read More

3 Things You Must Know About Spyware

1)Spyware is on your system. Like it or not, statistically... Read More

6 Ways To Prevent Identity Theft

These six ways to prevent identity theft offer you valuable... Read More

How To Prevent Spyware Attacking Your Computer

Spyware is software or hardware installed on a computer without... Read More

Secrets On Security: A Gentle Introduction To Cryptography

Let us take the example of scrambling an egg. First,... Read More

Check Out That Privacy Policy

Before you enter your name, address or any other data... Read More