Scam of the day – September 29, 2017 – Incredibly poor Wells Fargo phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or providing personal information that will be used to make you a victim of identity theft are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work. Reproduced below is a copy of a new phishing email presently circulating that appears to come from Wells Fargo.   Wells Fargo is a popular target for this type of phishing email because it is one of the largest banks in the United States.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is embarrassingly poor. Despite having a legitimate appearing Wells Fargo logo, the grammar is atrocious.  In addition, the email address from which it was sent is that of an individual totally unrelated to Wells Fargo and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.   As so often is the case with these type of phishing emails, it does not contain your account number in the email or address you by name.  I have removed the links contained in the original email as sent.

Wells Fargo

Wells Fargo Account

® Security Re-identify

Your Wells Fargo online access need’s to be re-identify on our server. Because we are having difficulty to contact you with the email address on file with us do to this reason’s you are advised to perform account security identification process by confirming your email account with us also to make your  account 100% secured, sign on to continue. xxxxxxxxxxxxxxx

To avoid your Account from being Permanently BLOCKED.
Go to xxxxxxxxxxxxxx  For all other Online Banking related inquiries, please call  Wells Fargo Online Customer Service at xxxxxxxxxxxx.

TIPS

There are a number of indications that this is not a legitimate email from Wells Fargo, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would direct the email to you by name rather than directing it to your email address.   As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Wells Fargo to trap you if you make a mistake in dialing the real number.

Scam of the day – December 20, 2014 – Latest phishing emails

Phishing emails by which an identity thief sends you an email that purports to be from a trusted source, such as your email provider or bank in which you are instructed to click on a link in order to resolve a major problem is a common and effective way for identity thieves to get you to unwittingly install keystroke logging malware on to your computer that will steal your personal information from your computer and use it to make you a victim of identity theft.  In a more advanced form of phishing called “spear phishing” the email may be directed to you by name and have other information that can fool you into believing that the email is legitimate.  Spear phishing has resulted in many of the major data breaches in the past year including Target and possibly Sony.

Here are some examples of some phishing email commonly circulating.  DO NOT CLICK ON THE LINKS.

“Your mailbox has exceeded the storage limit of 1 GB. You can not receive new messages until you update your mailbox. CLICK HERE to update.
Thank you
Aol Team!”

“Dear Aol User,

Your Account needs to be updated to enable your account work properly, Aol is doing upgrades to all users to keep there account safe from viruses and hacking.

Please CLICK HERE to upgrade now and continue to enjoy the benefits and services of Aol Mail.

Privacy Policy | Terms of Use | Security Tip
Copyright © in 2014 All rights reserved.”

“The Mail Team

Dear Customer,
Your incoming messages were placed on pending due to our recent upgrade.
You have 1 new Security message From Wells Fargo Bank.Click the secure link below to confirm your account.
https://www.wellsfargo.com/confirmation

Security Adviser, ATM/debit card number.
—————————————–
Copyright © 1999 – 2014 Wells Fargo. All rights reserved. NMLSR ID 399801.”

“We believe you have violated either the Terms of Service, product-specific Terms of Service (available on the product page),or product-specific policies.Please view all violated Terms below

Violated Terms Of Service”

TIPS

Trust me, you can’t trust anyone!  These particular phishing emails are pretty rudimentary.  Not only does your name not appear in the email, but the email addresses from where they were sent does not reflect that it was sent by AOL or Wells Fargo as represented in the email.  Rather, the email addresses from which these emails were sent are those of innocent people whose email accounts have been hijacked by the identity thieves and made a part of a botnet by which these phishing emails are sent.  Never click on a link or download an attachment from anyone unless your absolutely sure that it is legitimate. Even if the email appears to come from a legitimate company or someone you trust and even if the email addresses you by name, you should not click on the link until you have confirmed that the email and link are legitimate.  Identity thieves can hijack the email accounts of your friends or make the address of the sender appear to be legitimate.