First off I should explain what phishing is. Phishing is
basically the act of tricking a victim into divulging
information. It involves the receiving of an email message with
a link to a website where the victim would enter personal
information. In this particular scam, you get an email from
\"Personal Banking: personalbanking@wellsfargo.com \" stating that
there may have been some unauthorized access to your account and
that you should click the link and enter your account and verify
some information. When you click the link you are taken to a
site which looks identical to the Wells Fargo site. If you look
at the HTML code of the site, you\'ll notice that they are almost
identical. One thing about this scam which was somewhat
surprising is that the message made it past my G-mail spam
filter. This is slightly different to scams I have seen before
in that they don\'t ask you to reply to this email with your
account number like most others, and they don\'t ask for
passwords or anything like that. They simply request that you
log in, as you normally do, which would not raise the eyebrow of
normal users. On a closer inspection of the site you will notice
that the forms submit the data entered (user name and password)
to some foreign script and not to Well Fargo. Most probably, the
scammer is having all the usernames and passwords emailed to
him. After submission of your information the site responds that
your password is incorrect. Here an unsuspecting victim would
assume that this was because of the supposed unauthorized access
mentioned in the email.
If you try to submit information a few more times, it takes you
to another Wells Fargo look-alike page called Online Banking
Verification. Here they ask for SSN number, your ATM card
number, the expiration date, the pin number and the CVV2# (4
digit verification). With the ATM information the scammer could
max out your debit card. With all the rest of the information he
has gathered it would not be at all difficult to call up Wells
Fargo and basically take over your account. He could change
billing addresses, get checks for you account, and simply wipe
it out.
How to spot scams like this
Scams like these are usually easy to spot, but this one in
particular was a bit tricky, however there are some basic
methods you can use to spot these types of scams.
First of all, check the link. Although it looks like the link is
going to Wells Fargos website, if you let the mouse hover over
the link for a while and look in the status bar, you will get
the real address of the link. In this case the scammer used just
an IP address of his domain or machine. This, however, can be
overridden on the internet (if the scammer changes the status
bar) and sometimes even in your email, depending on what your
security settings are.
Check the address bar. In this case, the address bar reported
that the website was also from the scammers IP address. Simply
put, it did not say www.wellsfargo.com. Very seldom would a
scammer be able to fake this. They may, however, employ other
tricks like buying a domain name with a slight spelling
difference that the user might not notice or by simply loading
the link in a new window and hiding the address bar altogether.
Lastly, the only full proof method to avoid becoming a victim to
a scam like this is to simply call in and verify the information
over the phone. Please note; do not use a phone number in the
email if one is given. Open up your phone book and locate the
number for your firm and ask them about it.
Just remember, if it looks funny and feels funny, its probably
a scam. Do not ever reply to such email messages for personal
information as sensitive as account information and SSN.
Below is a copy of the email message for your review and
amusement. The link is active, however DO NOT ENTER ANY PERSONAL
INFORMATION INTO THESE FORMS. THIS IS NOT WELLSFAROS SITE.
Kevin. A. Lloyd.
From: Personal Banking < personalbanking@wellsfargo.com > To:
me@me.com Date: Jun 2, 2005 2:22 PM Subject: Security Notice
#291240 Wells Fargo Internet Banking account Update Necesary!
Dear Member,
We recently reviewed your account, and suspect that your Wells
Fargo Internet Banking account may have been accessed by an
unauthorized third party. Protecting the security of your acount
and of the Wells Fargo network is our primary concern.
Therefore, as a preventative measure, we have temporarily
limited access to sensitive account features. To restore your
account access, please take the following steps to ensure that
your account has not been compromised:
1. Login to your Wells Fargo Internet Banking account. In case
you are not enrolled for Internet Banking, you will have to use
your Social Security Number as both your Personal ID and
Password and fill in all the required information, including
your name and account number. 2. Review your recent account
history for any unauthorized withdrawls or deposits, and check
your account profile to make sure not changes have been made. If
any unauthorized activity has taken p! la ce on your account,
report this to Wells Fargo staff immediately.
To get started, please click on the link below:
https://online.wellsfargo.com/signon?LOB=CONS
We apologize for any inconvenience this may cause, and
appreciate your assistance in helping us maintain the integrity
of the entire Wells Fargo system. Thank you for your prompt
attention to this matter.
Sincerly, The Wells Fargo Team
