Dear Phisher: You Are A SCAT and NOT Wells Fargo
From: WellsFargo Online Banking <[email protected]>
To: email address (how dare they use my email for that..)
Sent: Tuesday, January 27, 2009 2:28:39 PM
Subject: Important Update From WellsFargo Online Banking
As a valued Wellsfargo Bank Customer,
the security of your
identity and personal account information is extremely important.
We are installing enhanced online security as an additional way
of protecting your Wellsfargo access.
Click logon to confirm your identity.
LOGON
(note from TechMama - DON'T LOGON!!!) THE LOGON IS FAKE $#&!@ "PHISHING URL" , THE SIGNON REALLY GOES TO:
'http://scatdealer.com/avatars/.w/online.wellsfargo.com.signon/
So just looking at the URL shows that the email is a phisher - scatdealer.com is not Wells Fargo.com... Infact, anything that starts with "scat" is probably not a website you want to go to. By just running my pointer over the word "logon" I saw the URL without clicking...
Here is the last line of the email:
FAILURE TO CONFIRM LEAVES YOUR ACCOUNT VULNERABLE !
(note from TechMama - You are vulnerable if you log on and fall for the scam..)
As a quick follow up on a point that I feel is important, the URL that is shown when you hover over a link is NOT a reliable indicator of where the link will take you.
Why is this not reliable? The reason is a phiser can hide the true click action in a transparent layer on top of the link. So if you were to click on what you thought was the link, you would instead be taken to the location hidden in the transparent layer. Forgoing the technical implementation, just understand that the 'link' can really be a trick.
This 'trick' allows the phiser to simply copy a real legitimate email from a reputable company, and hide their trickery at the bottom of the email. I've dissected a couple of these phising emails and its surprisingly difficult to find the trick even when knowing what to look for explicitly.
This is why many reputable companies will use other unique information in the email (such as your username on their site, account number, or full name that is not exposed with your email address) so that the email should be very unique to you and therefore difficult to fake out. The generic terms "dear member" or something non-unique will be far less reliable. You should be able to visit the real website by hand typing or using a bookmark/favorite to the proper domain name from your browser (not using anything contained in the email) and/or call the company to verify any critical information should that rare instance ever arise.
The typical advice to not even open the email from an unknown source is still very good advice indeed. Just opening the email can load up the images contained inside the email. Any one of those images could be keyed to your email address, and thus verify to the originator the legitimacy of your email address. If you had simply deleted the email without ever opening it (and preview counts as opening) then you would not allow them to know that your address is a valid one. Many newer email programs will automatically not show images to help avoid this giveaway of a good email address (with a person who reads their SPAM email).
Posted by: Cliff Jacobson | January 29, 2009 at 06:47 AM