Wells Fargo Phishing Scam
First off I should explain what phishing is. Phishing is
basically the act of tricking a victim into divulging
information. It involves the receiving of an email message with
a link to a website where the victim would enter personal
information. In this particular scam, you get an email from
"Personal Banking: personalbanking@wellsfargo.com " stating that
there may have been some unauthorized access to your account and
that you should click the link and enter your account and verify
some information. When you click the link you are taken to a
site which looks identical to the Wells Fargo site. If you look
at the HTML code of the site, you'll notice that they are almost
identical. One thing about this scam which was somewhat
surprising is that the message made it past my G-mail spam
filter. This is slightly different to scams I have seen before
in that they don't ask you to reply to this email with your
account number like most others, and they don't ask for
passwords or anything like that. They simply request that you
log in, as you normally do, which would not raise the eyebrow of
normal users. On a closer inspection of the site you will notice
that the forms submit the data entered (user name and password)
to some foreign script and not to Well Fargo. Most probably, the
scammer is having all the usernames and passwords emailed to
him. After submission of your information the site responds that
your password is incorrect. Here an unsuspecting victim would
assume that this was because of the supposed unauthorized access
mentioned in the email.
If you try to submit information a few more times, it takes you
to another Wells Fargo look-alike page called