Wells Fargo Bank Security Alerts – Fraud

Another day, another Phishing fraud targeting clients of the big banks.

Currently making the rounds, a Wells Fargo Phish that is actually a pretty good one. It arrives from hijacked zombie PCs (mostly overseas) but spoofs the WellsFargo.com domain:

Subject:      Wells Fargo Bank Security Alerts
From:     Wells Fargo Online Banking <onlinebanking@alerts.wellsfargo.com>

The extra touch here is the use of an actual third-level domain. Rather than just claiming to come from “wellsfargo.com” they instead use “alerts.wellsfargo.com” which adds a nice touch of authority and authenticity.

The fraud email itself looks like this:

Wells Fargo Phsishing Fraud
Click for Larger Image

Another nice touch is the Wells Fargo logo is actually loaded from a legitimate Akamai.net server that is used in actual Wells Fargo emails:

https://a248.e.akamai.net/f/248/1856/90m/www.wellsfargo.com/img/hp/logo_62sq.gif

The message itself is simple and straightforward, with decent grammar and spelling.

For your security, Wells Fargo Bank Helpdesk has safeguard your account when there is a possibility that someone other than you is attempting to sign on. You now need to verify your Identity.

To verify your identity, kindly follow reference below and take the directions to instant activation.

The hook to this Phish is the hyperlink that you’re supposed to use to verify your identity.  While the reader sees this:

https://www.wellsfargo.com/verification/

The actual hyperlink will take you somewhere else entirely. In this cases it’s:

http://www.bissolocasa.it/modules/www.Wellsfargo.com/index.html

Yet another nice touch is that the actual link includes “Wellsfargo.com” and they even capitalize the “W” to draw attention to it in case you “mouse-over” the link in the real email to double check yourself.

But, all cleverness aside, your browser will still go to “bissolocasa.it” and that’s the server (for this example, there are actually many such servers exploited by spammers for this campaign) that will try and trick you into providing your real Wellsfargo username and password.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , ,

Comments are closed.