I just received a phishing email targeting Wells Fargo customers, and thought it might provide a good example of some things to watch out for. This particular phishing email is rather clumsy, so there are several items that stand out as fishy, or phishy if you prefer. I’ve included a couple of photos in the article here. You can click on the image to see it full size. Unfortunately for Facebook, the images will not be embedded.
First of all, notice that the From address is a Yahoo address. Wells Fargo isn’t going to send you an email from a Yahoo address. It is all too easy to forge the From address, so an address that looks like it’s from Wells Fargo doesn’t prove the message is legitimate. Did I mention this one was clumsy? It appears to me that this message was actually sent from a compromised Yahoo account.
The next clue is the wording of the message: “We kindly implore” and “Customer Care Service.” I suppose if the business was located in the UK, that might be a bit more understandable, but in the US the stilted language is a dead giveaway. Someone not in the US composed this message.
Finally, if I hover the pointer over the link – hover, not click! – then Outlook at least will show me what the real link is. You’ll notice that the text of the message makes it look like it’s a Wells Fargo address, but hovering reveals that the actual link points to a different address – “http://tokblast.pw/kwlz”. Although I didn’t click on the link, I’m guessing it would present a page with graphics “borrowed” from Wells Fargo to make you think you were on a Wells Fargo site, and prompt you to log in.
When you try to log in on that website, you give them your bank login information! Now they can log into your bank account, and transfer all your funds to their account in the Bahamas or wherever. Nifty, eh? If you have a line of credit, they can probably max out your loan, too. Now you’re not just broke, you’re in debt!
Be careful with emails!
Bancorp email compromised
I use unique email addresses for the various vendors that I use. There are a couple of different reasons for that – one is that I can retire that address if I start getting spam, and the other is that I KNOW whose system has been compromised when I start getting spam to that address. I generally let them know that I’m getting spam at the unique address I’ve given them, so that they can do something about it. If they choose.
Today I got a malware email from an address that was given to Bancorp. The email was crafted to look like an invoice, and had a zip attachment. I’m sure the zip attachment had some type of malware payload that would be delivered if I unzipped the zip file.
The email subject line was “E-Service (Europe) Ltd Invoice No: 10013405” and appeared to be from a company in the UK.
Be careful out there! Make sure any employees know to NOTICE if an email looks fishy before they open any attachments.