First off I should explain what phishing is. Phishing is basically the act of tricking a victim into divulging information. It involves the receiving of an email message with a link to a website where the victim would enter personal information. In this particular scam, you get an email from "Personal Banking: personalbanking@wellsfargo.com" stating that there may have been some unauthorized access to your account and that you should click the link and enter your account and verify some information. When you click the link you are taken to a site which looks identical to the Wells Fargo site.

If you look at the HTML code of the site, you'll notice that they are almost identical. One thing about this scam which was somewhat surprising is that the message made it past my G-mail spam filter. This is slightly different to scams I have seen before in that they don't ask you to reply to this email with your account number like most others, and they don't ask for passwords or anything like that. They simply request that you log in, as you normally do, which would not raise the eyebrow of normal users. On a closer inspection of the site you will notice that the forms submit the data entered (user name and password) to some foreign script and not to Well Fargo. Most probably, the scammer is having all the usernames and passwords emailed to him. After submission of your information the site responds that your password is incorrect. Here an unsuspecting victim would assume that this was because of the supposed unauthorized access mentioned in the email.

If you try to submit information a few more times, it takes you to another Wells Fargo look-alike page called