First of all, it should explain what phishing is. Phishing is basically the act of tricking a victim into disclosing information. It involves receiving an email message with a link to a website where the victim would enter personal information. In this particular scam, you receive an email from “Personal Banking: [email protected]” stating that there may have been some unauthorized access to your account and that you should click the link, log into your account, and verify certain information. When you click on the link, you are directed to a site that appears identical to the Wells Fargo site.
If you look at the site’s HTML code, you will notice that they are almost identical. One thing about this scam that was somewhat surprising is that the message went through my G-mail spam filter. This is slightly different from scams I’ve seen before in that they don’t ask you to reply to this email with your account number like most others, and they don’t ask for passwords or anything like that. They just ask you to log in, as you normally do, which wouldn’t surprise normal users. On a closer inspection of the site, you will notice that the forms send the entered data (username and password) to some external script and not Well Fargo. Most likely, the scammer will receive all usernames and passwords by email. After submitting your information, the site responds that your password is incorrect. Here, an unsuspecting victim would assume that this was due to the alleged unauthorized access mentioned in the email.
Trying to submit information a few more times will take you to another page similar to Wells Fargo called “Online Banking Verification.” Here they ask for your SSN number, your ATM card number, expiration date, PIN number, and CVV2 # (4-digit verification). With the information from the ATM, the scammer could maximize your debit card. With all the other information you’ve gathered, it wouldn’t be difficult at all to call Wells Fargo and basically take over your account. You could change billing addresses, get checks for your account, and just delete it.
How to spot scams like this
Scams like these are usually easy to spot, but this one in particular was a bit tricky; however, there are some basic methods you can use to detect these types of scams.
First, check the link. Although the link appears to be going to the Wells Fargo website, if you hover over the link for a moment and look in the status bar, you will get the actual address of the link. In this case, the scammer used only an IP address from your domain or machine. However, this can be overridden online (if the scammer changes the status bar) and sometimes even in your email, depending on your security settings.
Check the address bar. In this case, the address bar reported that the website was also from the scammer’s IP address. Simply put, it didn’t say http://www.wellsfargo.com. Very seldom could a scammer fake this. However, they can employ other tricks such as buying a domain name with a slight spelling difference that the user might not notice, or simply loading the link in a new window and hiding the address bar entirely.
Lastly, the only comprehensive testing method to avoid becoming a victim of a scam like this is to simply call and verify the information over the phone. Keep in mind; do not use a phone number in the email if you are given one. Open your phone book and find their business number and ask them about it.
Just remember, if it looks funny and feels funny, it’s probably a scam. Never reply to such emails with personal information as sensitive as account information and SSN.
Below is a copy of the email message for your review and fun. The link is active, however, DO NOT ENTER ANY PERSONAL INFORMATION IN THESE FORMS. THIS IS NOT THE WELLSFARO SITE.
Kevin. A. Lloyd.
From: Personal Banking [email protected]>
Date: June 2, 2005 2:22 pm
Subject: Security Advisory # 291240 Wells Fargo Internet Banking Account
Update needed!
Dear member,
We recently reviewed your account and suspected that an unauthorized third party may have accessed your Wells Fargo Online Banking account. Protecting the security of your account and the Wells Fargo network is our primary concern. Therefore, as a preventive measure, we have temporarily limited access to confidential account features. To restore access to your account, take the following steps to ensure that your account has not been compromised:
1. Log into your Wells Fargo Online Banking account. In case you are not enrolled in Internet Banking, you will have to use your Social Security Number as your Personal Identification and Password and complete all the required information, including your name and account number. 2. Review your recent account history for unauthorized withdrawals or deposits and check your account profile to make sure no changes have been made. If any unauthorized activity has had p! on your account, report this to Wells Fargo staff immediately.
To get started, click on the link below:
[https://online.wellsfargo.com/signon?LOB=CONS]
We apologize for any inconvenience this may cause and appreciate your help in helping us maintain the integrity of the entire Wells Fargo system. Thank you for your prompt attention to this matter.
To be honest
The Wells Fargo Team
