Wells Fargo Report Phishing Scam

First off I should explain what phishing is. Phishing is basically the act of tricking a victim into divulging information. It involves the receiving of an email message with a link to a website where the victim would enter personal information. In this particular scam, you get an email from "Personal Banking: [email protected]" stating that there may have been some unauthorized access to your account and that you should click the link and enter your account and verify some information. When you click the link you are taken to a site which looks identical to the Wells Fargo site.

If you look at the HTML code of the site, you'll notice that they are almost identical. One thing about this scam which was somewhat surprising is that the message made it past my G-mail spam filter. This is slightly different to scams I have seen before in that they don't ask you to reply to this email with your account number like most others, and they don't ask for passwords or anything like that. They simply request that you log in, as you normally do, which would not raise the eyebrow of normal users. On a closer inspection of the site you will notice that the forms submit the data entered (user name and password) to some foreign script and not to Well Fargo. Most probably, the scammer is having all the usernames and passwords emailed to him. After submission of your information the site responds that your password is incorrect. Here an unsuspecting victim would assume that this was because of the supposed unauthorized access mentioned in the email.

If you try to submit information a few more times, it takes you to another Wells Fargo look-alike page called "Online Banking Verification". Here they ask for SSN number, your ATM card number, the expiration date, the pin number and the CVV2# (4 digit verification). With the ATM information the scammer could max out your debit card. With all the rest of the information he has gathered it would not be at all difficult to call up Wells Fargo and basically take over your account. He could change billing addresses, get checks for you account, and simply wipe it out.

How to spot scams like this

Scams like these are usually easy to spot, but this one in particular was a bit tricky, however there are some basic methods you can use to spot these types of scams.

First of all, check the link. Although it looks like the link is going to Wells Fargo's website, if you let the mouse hover over the link for a while and look in the status bar, you will get the real address of the link. In this case the scammer used just an IP address of his domain or machine. This, however, can be overridden on the internet (if the scammer changes the status bar) and sometimes even in your email, depending on what your security settings are.

Check the address bar. In this case, the address bar reported that the website was also from the scammer's IP address. Simply put, it did not say www.wellsfargo.com. Very seldom would a scammer be able to fake this. They may, however, employ other tricks like buying a domain name with a slight spelling difference that the user might not notice or by simply loading the link in a new window and hiding the address bar altogether.

Lastly, the only full proof method to avoid becoming a victim to a scam like this is to simply call in and verify the information over the phone. Please note; do not use a phone number in the email if one is given. Open up your phone book and locate the number for your firm and ask them about it.

Just remember, if it looks funny and feels funny, it's probably a scam. Do not ever reply to such email messages for personal information as sensitive as account information and SSN.

Below is a copy of the email message for your review and amusement. The link is active, however DO NOT ENTER ANY PERSONAL INFORMATION INTO THESE FORMS. THIS IS NOT WELLSFARO'S SITE.

Kevin. A. Lloyd.

From: Personal Banking < [email protected] >
To: [email protected]
Date: Jun 2, 2005 2:22 PM
Subject: Security Notice #291240 Wells Fargo Internet Banking account
Update Necesary!

Dear Member,
We recently reviewed your account, and suspect that your Wells Fargo Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your acount and of the Wells Fargo network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore your account access, please take the following steps to ensure that your account has not been compromised:

1. Login to your Wells Fargo Internet Banking account. In case you are not enrolled for Internet Banking, you will have to use your Social Security Number as both your Personal ID and Password and fill in all the required information, including your name and account number. 2. Review your recent account history for any unauthorized withdrawls or deposits, and check your account profile to make sure not changes have been made. If any unauthorized activity has taken p! la ce on your account, report this to Wells Fargo staff immediately.

To get started, please click on the link below:

https://online.wellsfargo.com/signon?LOB=CONS

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire Wells Fargo system. Thank you for your prompt attention to this matter.

Sincerly,
The Wells Fargo Team

Kevin A. Lloyd:

Just launched a website, http://www.DeleteMySpam.com/, dedicated to helping to eliminate the spam crisis.

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

NPR

Travel Ban At The Supreme Court: National-Security Experts Come ...
NPR
It is rare, if not unheard of, for former intelligence experts to weigh in against the government in a major national-security case. But the Trump travel ban, to be argued Wednesday in the U.S. Supreme Court, has produced an astounding and bipartisan ...
Why Dozens Of National-Security Experts Have Come Out Against Trump's Travel BanNew Hampshire Public Radio

all 1 news articles »

CSO Online

New Georgia law criminalizes good-faith security research, permits vigilante action
CSO Online
The bill, if signed into law, will hurt the state's economy and drive jobs and talent out of state, Robert Graham, a Georgia-based security researcher, tells CSO. "I can tell you as the former chief scientist of ISS (Internet Security Systems), the dot ...


The Guardian

'No national security connection' to Toronto van incident, minister says – video
The Guardian
The Toronto police chief, Mark Saunders, says Alek Minassian, suspected of driving a van into pedestrians, killing 10 people and injuring 15, was not known to police. The federal public safety minister, Ralph Goodale, standing next to Saunders, says ...


San Francisco Chronicle

SF to roll out enhanced security at its garages to reduce vehicle break-ins
San Francisco Chronicle
And on Thursday, Mayor Mark Farrell, SFMTA Director Ed Reiskin and San Francisco Police Chief Bill Scott will announce a $32.5 million plan to roll out similar security upgrades and other improvements at all 20 of the city's parking garages and two of ...


PaymentsJournal

Combatting the New Normal
PaymentsJournal
Once again, yet another data breach has made national headlines. This time, it involves the payment systems of Saks Fifth Avenue and Lord & Taylor. While the Hudson Bay Company – which owns the two department stores – has already confirmed there was a ...


ZDNet

This cryptocurrency mining malware also disables your security services
ZDNet
A new form of cryptocurrency mining malware uses a leaked NSA-exploit to spread itself to vulnerable Windows machines, while also disabling security software and leaving the infected computer open to future attacks. The Python-based malicious Monero ...


Computerworld

The best privacy and security apps for Android
Computerworld
LastPass works equally well on the desktop and seamlessly syncs your info across multiple devices and platforms (using its own secure cloud storage and device-level encryption). Its core features are completely free, while a $24-a-year premium ...

and more »

Security Exercise Held At Portsmouth Naval Shipyard
Maine Public
KITTERY, Maine - The Portsmouth Naval Shipyard is alerting local residents about security exercise. Officials said the training exercise on Tuesday is aimed at enhancing security readiness and emergency response. They said area residents may see and ...

and more »

Bloomberg

Pence Names Keith Kellogg as Top National Security Adviser ...
Bloomberg
Vice President Mike Pence named Keith Kellogg as his top national security aide, after the previous candidate for the post withdrew amid reports that President Donald Trump was angered over his role in anti-Trump attack ads.

and more »

Reuters

Pruitt's spending on security sweep draws fresh fire from lawmakers
Reuters
Pruitt has come under fire for his spending on travel and office improvements, and a Government Accountability Office report last week said the agency violated the law when it spent $43,000 on a secure soundproof booth for Pruitt's office. [L2N1QO1Q1 ...
Dems: Pruitt's office security sweep was subparThe Hill
White House stands behind Pruitt despite new lobbying disclosurePolitico
White House Deterring Republicans From Defending Pruitt, Sources SayBloomberg
New York Times
all 165 news articles »
Google News

How Can Someone Get Private Information From My Computer?

From the "Ask Booster" column in the June 17, 2005... Read More

How to Get Rid of New Sobig.F Virus?

As you know, this time the virus under the name... Read More

Clown Internet Scam - An Internet Scam is Currently Targeting Clowns and Other Entertainers

I am the victim of an internet scam. It is... Read More

Viruses and Worms, Protection from Disaster

Virus damage estimated at $55 billion in 2003. "SINGAPORE -... Read More

Is That Free Stuff Like An iPod Or Desktop Computer Really Free?

Have you seen the web site, www.freestuff.com? Or have you... Read More

Spyware, What It Is, What It Does, And How To Stop It

Spyware is software that runs on a personal computer without... Read More

The Never Ending Spyware Story

It's been with us since 1993, it's gotten more intrusive,... Read More

Why Malicious Programs Spread So Quickly?

It seems that nowadays cybercriminals prefer cash to fun. That... Read More

Internet/Network Security

Abstract Homogeneous symmetries and congestion control have garnered limited interest... Read More

An Open Letter From a So-called Stupid

Someone recently told me, "You would have to be a... Read More

Detect Spyware Online

You can detect spyware online using free spyware cleaners and... Read More

Is My PC Vulnerable on the Internet?

No longer are viruses the only threat on the internet.... Read More

Computer Viruses, Worms, and Hoaxes

In recent days, I was one of the unfortunate persons... Read More

Blogs as Safe Haven for Cybercriminals?

To blog or not to blog? Well, why not? Lots... Read More

40 Million People Hacked - YOU as Identity Theft Victim

Saturday, MasterCard blamed a vendor of ALL credit card providers... Read More

If You Steal It, They May Come!

Business on the internet is getting down right shameless. This... Read More

How To Clean the Spies In Your Computer?

Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer... Read More

Can I Guess Your Password?

We all know that it's dangerous to use the same... Read More

Phishing - Identity Theft & Credit Card Fraud

What is Phishing? Phishing is a relatively newly coined term... Read More

A New Era of Computer Security

Computer security for most can be described in 2 words,... Read More

8 Surefire Ways to Spot an E-Mail Identity Theft Scam!

The E-Mail Identity Theft Scam is running Rampant. These E-Mail... Read More

DOS Attacks: Instigation and Mitigation

During the release of a new software product specialized to... Read More

Spyware Protection Software

Spyware protection software is the easiest way of removing spyware... Read More

Web Conferencing Readers - So What Do We Do with the PAYPAL SPAMMER

From: "Paypal Security" Subject: New Security Requirements Date: Tue, 26... Read More

Delete Cookies: New-Age Diet or Common Sense Internet Security?

No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet.... Read More