I just received a phishing email targeting Wells Fargo customers, and thought it might provide a good example of some things to watch out for. This particular phishing email is rather clumsy so there’s several items that stand out as fishy, or phishy if you prefer. I’ve included a couple photos in the article here. You can click on the image to see it full size. Unfortunately for Facebook, the images will not be imbedded.
First of all, notice that the From address is a yahoo address. Wells Fargo isn’t going to send you an email from a Yahoo address. It is all too easy to forge the from address, so just because the address looks like it’s from Wells Fargo isn’t a home-free card. Did I mention this one was clumsy? It appears to me that this message was actually sent from a compromised yahoo account.
The next clue is the wording of the message: “We kindly implore” and “Customer Care Service.” I suppose if the business was located in the UK, that might be a bit more understandable, but in the US the stilted language is a dead giveaway. Someone not in the US composed this message.
Finally, if I hover the pointer over the link – hover, not click! – then Outlook at least will show me what the real link is. You’ll notice that the text of the message makes it look like it’s a Wells Fargo address, but hovering reveals the actual link to point to a different address – “http://tokblast.pw/kwlz” Although I didn’t click on the link, I’m guessing it would present a page with graphics “borrowed” from Wells Fargo to make you think you were on a Wells Fargo site, and prompt you to log in.
When you try to log in on that website, you give them your bank login information! Now they can log into your bank account, and transfer all your funds to their account in the Bahamas or wherever. Nifty, eh? If you have a line of credit, they can probably also max out your loan, too. Now you’re not just broke, you’re in debt!
Be careful with emails!