January 27, 2009

Dear Phisher: You Are A SCAT and NOT Wells Fargo

Here I am - an innocent mom blogging on her netbook, waiting for her son to finish his appointment. I then decided to check my email - when what did I see? A (bad name I can't publish) phisher sending me a lame email. This is a SCAM by the way (called Phishing). I discussed phishing already in a prior post. But here again, those (bad name I can't publish) phishers are sending out an email trying to get me and many other "innocents" to give away private financial information on a FAKE website. So if anyone gets an email like this, DON'T RESPOND! Delete it or put it into your "spam" email folder.

----- Forwarded Message ----
From: WellsFargo Online Banking <[email protected]>
To: email address (how dare they use my email for that..)
Sent: Tuesday, January 27, 2009 2:28:39 PM
Subject: Important Update From WellsFargo Online Banking

As a valued Wellsfargo Bank Customer, the security of your
identity and personal account information is extremely important.
We are installing enhanced online security as an additional way
of protecting your Wellsfargo access.

Click logon to confirm your identity.

LOGON

(note from TechMama - DON'T LOGON!!!) THE LOGON IS FAKE $#&!@ "PHISHING URL" , THE SIGNON  REALLY GOES TO:

'http://scatdealer.com/avatars/.w/online.wellsfargo.com.signon/

So just looking at the URL shows that the email is a phisher - scatdealer.com is not Wells Fargo.com... In fact, anything that starts with "scat" is probably not a website you want to go to. By just running my pointer over the word "logon" I saw the URL without clicking...

Here is the last line of the email:

FAILURE TO CONFIRM LEAVES YOUR ACCOUNT VULNERABLE !

(note from TechMama - You are vulnerable if you log on and fall for the scam..)

Comments

As a quick follow up on a point that I feel is important, the URL that is shown when you hover over a link is NOT a reliable indicator of where the link will take you.

Why is this not reliable? The reason is a phisher can hide the true click action in a transparent layer on top of the link. So if you were to click on what you thought was the link, you would instead be taken to the location hidden in the transparent layer. Forgoing the technical implementation, just understand that the 'link' can really be a trick.

This 'trick' allows the phisher to simply copy a real legitimate email from a reputable company, and hide their trickery at the bottom of the email. I've dissected a couple of these phishing emails and it's surprisingly difficult to find the trick even when knowing what to look for explicitly.

This is why many reputable companies will use other unique information in the email (such as your username on their site, account number, or full name that is not exposed with your email address) so that the email should be very unique to you and therefore difficult to fake out. The generic terms "dear member" or something non-unique will be far less reliable. You should be able to visit the real website by hand typing or using a bookmark/favorite to the proper domain name from your browser (not using anything contained in the email) and/or call the company to verify any critical information should that rare instance ever arise.

The typical advice to not even open the email from an unknown source is still very good advice indeed. Just opening the email can load up the images contained inside the email. Any one of those images could be keyed to your email address, and thus verify to the originator the legitimacy of your email address. If you had simply deleted the email without ever opening it (and preview counts as opening) then you would not allow them to know that your address is a valid one. Many newer email programs will automatically not show images to help avoid this giveaway of a good email address (with a person who reads their SPAM email).
