Online scammers are getting smarter about how they try to extract vital information from us about online bank accounts, etc, and the latest targeting customers of Wells Fargo Bank is a doozy. Here’s what to look out for and how to stay safe online!
As more and more people bank online, it’s no surprise that organized groups of criminals have begun paying more attention to these systems and trying to devise smarter and more subtle ways to extricate account and password information — and much more — from the general populace.
The solution is to be vigilant and suspicious all the time. Even when it seems like a completely legit message or notification.
For example, as a Wells Fargo customer, I certainly read the following email with interest…
Seems legit, and I can well believe that Wells Fargo would warn customers like me about a phishing scam (that is, an email -> web page con that attempts to trick users into “logging in” to their account on the fake site). The red flag was raised for me with the “Update Your Account Here” link. Why would the bank warn us about phishing scams and then have a link – inherently dangerous! – in the email encouraging us to just blindly click and proceed.
Closer examination shows that I’m right:
Quite confident that Wells Fargo Bank would never send me to a “kkpump.co.kr” domain to verify or update my account. In fact, that site looks like a legit business selling pressure pumps, etc. to the Korean market. They’ve been hacked and what’s more interesting is that it’s just a relay bounce anyway, as we’ll see in a moment.
Meanwhile, think about this phishing attempt. Quite ingenious to try and disarm us by coming right out and saying that there’s been a phishing attack and that the bank just wants to make sure that your account is safe. Yeah, no.
So let’s say you were suckered into it and did click on the “Update Your Account Here” link. Where would you go? First off, to the Korean pump site, but that, as I said, is just a relay. You’d end up here:
Wait, isn’t that the legit Wells Fargo home page? Sure looks like it.
Here’s where vigilance and suspicion are your friends. Look more closely at the address bar:
That’s not Wells Fargo! That’s also not a secure SSL-based https:// site, is it? No SSL, no go.
Again, michaelcinco.com is a legitimate business site, they’re running WordPress and have been hacked and the Wells Fargo content injected onto the server. Not good for them at all.
Meanwhile, let’s say that you did enter your username and password because you were incredibly trusting or just moving too darn fast. It happens. Now you’d see this, the gold standard for identity theft:
Yikes. I really hope that no-one ever fills in all this information, because at this point you’ve just handed over the keys to your financial and identity kingdom to bad guys. Very bad news.
These attacks are unfortunately going to keep happening, and while I did adroitly sidestep a phishing warning from my Web browser (Google Chrome) to be able to complete this post, we can’t rely on our Web browser or system to catch and identify every scam. It’s up to you, dear reader, to learn how to be vigilant, skeptical, suspicious and cautious. Remember that every account & password are worth their weight in gold, and that you should never, ever enter your social security number or credit card info — or even your birthday — onto a Web site that you aren’t 100% sure about.
It’s a dangerous place out there. It’s up to you to be careful. So be careful!
Hello;
I got phished exactly the way you demonstrated. I gave my user name and password, then the box popped up asking for more information and I clicked out. We are now out $3,000. The claims department at WF denied our claim saying someone had our credentials and had transferred money before and was not disputed. This was a Zelle transfer and I’ve never even heard of that. We are waiting for documents supporting their denial. Any suggestions? We don’t have a lot of money, so this is huge
I don’t know of anything you can do other than work with your bank on this issue. Good luck!
I would like to report a phishing scam by a phone call. I spoke to a number oue people at Wells fargo, and they all said that your company will not ask to be paid by a Pre Paid Gift Card.I did and I am out around 3500.00 dollars. He claimed to work at Wells Fargo in mortgage dept to help resolve my mortgage. His name Ray Johnson phone number he had call me from is 972-984-6753. What can i do from here?
Sounds like you’re out of luck, Robert. Simple rule of thumb: if you get a phone call from “your bank” then call the number on your statement or the back of your credit card and ask to be connected to the department or group that called you. Of course a bank would *never* want to be paid in gift cards: You also need to be more skeptical! Still, sorry you were ripped off.
great info, thankks for sharing
Expiry date during verification? Expiry?
The dead give away here minus the amount of information requested is they are asking for your email address and password. YOUR PASSWORD. NOONE would ever ask for your email password. As stated the trick is to mouse over any links in any email and see where they are going to. Also it is the best option to NEVER EVER use links in any email, simply go to the site you use for that company directly or call them.
I can see a few Canadian consumers falling for this. Wells Fargo left Canada 5 or 6 years ago because they were not willing to follow the strict Canadian banking regulations. However for the few years they were in business thousands of Canadians were caught up in their web of loans with high interest rates close to pawn shops. They would loan to anyone who was still breathing and that made them attractive to low income earners and people with a questionable credit rating. Glad they are gone!!!!