First of all, I must explain what phishing is. Phishing is basically the act of tricking a victim into revealing information. It involves receiving an email message with a link to a website where the victim would enter personal information. In this particular scam, you receive an email from “Personal Banking: [email protected]” stating that there may be some unauthorized access to your account and that you should click the link and go into your account and verify some information . When you click the link, you are taken to a site that looks identical to the Wells Fargo site.
If you look at the HTML code of the site, you’ll notice that they are almost identical. One thing about this scam that was somewhat surprising is that the message passed my G-mail spam filter. This is slightly different than scams I’ve seen before, as they don’t ask you to reply to this email with your account number like most others, and they don’t ask for passwords or anything like that. They just ask you to log in, like you normally do, which wouldn’t surprise normal users. On closer inspection of the site, you will notice that the forms send the entered data (username and password) to some foreign script and not to Well Fargo. Most likely, the scammer is receiving all usernames and passwords via email. After submitting your information, the site replies that your password is incorrect. Here, an unsuspecting victim would assume that this was due to the alleged unauthorized access mentioned in the email.
If you try to submit information several more times, it will take you to another Wells Fargo-like page called “Online Banking Verification.” Here they ask for the SSN number, the number of your ATM card, the expiration date, the pin number and the CVV2# (4-digit verification). With the information from the ATM, the scammer could max out your debit card. With all the other information you’ve collected, it wouldn’t be hard at all to call Wells Fargo and basically take over your account. You could change billing addresses, get checks for your account, and just delete it.
How to spot scams like this
Scams like these are usually easy to spot, but this one in particular was a bit tricky, however there are some basic methods you can use to spot these types of scams.
First of all, check the link. Although the link appears to go to the Wells Fargo website, if you let your mouse hover over the link for a moment and look in the status bar, you’ll get the actual address of the link. In this case, the scammer used only an IP address from their domain or machine. However, this can be overridden on the internet (if the scammer changes the status bar) and sometimes even in your email, depending on your security settings.
Check the address bar. In this case, the address bar reported that the website was also from the scammer’s IP address. Simply put, it didn’t say http://www.wellsfargo.com. Very rarely would a scammer be able to fake this. However, they can employ other tricks such as buying a domain name with a slight spelling difference that the user might not notice, or simply loading the link in a new window and hiding the address bar entirely.
Lastly, the only fully proof method to avoid falling victim to a scam like this is to simply call and verify the information over the phone. Keep in mind; do not use a phone number in the email if one is provided. Open your phone book and locate your business number and ask them about it.
Just remember, if it looks fun and feels fun, it’s probably a scam. Never reply to such emails to obtain such sensitive personal information as account information and SSN.
Below is a copy of the email for your review and entertainment. The link is active, however, DO NOT ENTER ANY PERSONAL INFORMATION ON THESE FORMS. THIS IS NOT THE WELLSFARO WEBSITE.
Kevin A. Lloyd.
From: Personal Banking [email protected] >
Date: June 2, 2005 2:22 PM
Subject: Security Notice #291240 Wells Fargo Online Banking Account
Update needed!
Dear member,
We recently reviewed your account and suspect that an unauthorized third party may have accessed your Wells Fargo Online Banking account. Protecting the security of your account and the Wells Fargo network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore access to your account, please follow the steps below to ensure your account has not been compromised:
1. Sign in to your Wells Fargo Online Banking account. If you are not enrolled in Online Banking, you will need to use your Social Security Number as your personal ID and password and complete all required information, including your name and account number. 2. Review your recent account history for any unauthorized withdrawals or deposits, and check your account profile to ensure no changes have been made. If any unauthorized activity has had p! in your account, tell Wells Fargo staff right away.
To get started, click on the link below:
[https://online.wellsfargo.com/signon?LOB=CONS]
We apologize for any inconvenience this may cause and appreciate your assistance in helping us maintain the integrity of the entire Wells Fargo system. Thank you for your prompt attention to this matter.
Sincerely,
The Wells Fargo team
