Attachments may take the form of an information request using a web-based form. This is something most people are comfortable with, BUT it can still download malicious code onto your computer or encourage you to reveal information. The provider named in this attack is Wells Fargo. In this case, like so many, the company name is the initial victim.
Typically the message includes "calls to action" that build a sense that immediate action is required or you will pay a consequence. IF YOU ARE EVER IN DOUBT, CALL THE COMPANY USING THE NUMBER ON YOUR CREDIT CARD, ATM CARD, STATEMENT FROM THE COMPANY OR FROM, YES, A TELEPHONE BOOK. A Microsoft spoof provided a link which was MICR0S0FT.COM versus MICROSOFT.COM. Do you see the difference? Many did not and paid a price!
Examine this e-mail and see the discussion below on how to spot these fakes and what to do if you are not certain whether it is legitimate.
SUBJECT: Unauthorized activity on your online account
ATTACHMENT: ID Conformation.html (54 KB)
We recently detected numerous failed attempts to provide
the correct answers to your security questions.
Therefore, we have temporarily suspended online access to
your account by other non authentic users, and we need to go through some
To begin please download the attached file below to
proceed to verification as soon as possible.
Wells Fargo safeguards your account whenever there is a
possibility that someone else is attempting to sign in.
Please understand that this form must be completed within
This is our security measure intended to help and protect
you and your account.
Thank you for your cooperation and we deeply apologize
for any inconvenience this may cause you.
Wells Fargo Customer Service.
What tells us this is a likely phishing or other attack?
Clue #1: Notice the e-mail address of the sender ... Wellsfago@secureserver.com
Do you think Wells Fargo could spell their company name correctly (the missing "r")?
Clue #2: How many companies are using the same servers, "@secureserver.com"?
The answer, most likely, is none. Sharing a server with other large companies is a security risk.
The name is hype, meant to build a false sense of security about where you are sending your personal information.
- How many accounts would The CT Groups have? They just "vacuum up" e-mail addresses and
blast these out hoping to "hook" someone in their phishing attack. The e-mail addresses may
come from people you know who have had their e-mail accounts hacked or computers infected.
- They are contacting me but there is zero personalization involved. What if you have multiple
accounts ... you don't know which account is reportedly at risk. They don't list your name.
Don't become a victim!
WORD OF CAUTION: CUSTOM/PERSONALIZED SPAM AND PHISHING ATTACKS
The Bad Guys are getting smarter with the rapidly growing data that is readily available on many of us. With sufficient information "harvested" from on-line sources The Bad Guys can customize a
letter using your name, address, telephone number with references to local stores (even their
addresses) to build confidence the e-mail is legitimate. These e-mails may include "Super Secret
Discounts" from some of these stores by simply using your Credit Card. "All you need to do" is
register your Credit Card information with someone you do not know to receive incredible savings
for a very limited time. The types of phishing attacks are potentially unlimited in how your
information may be used against you in such attacks. The secret is to call the store before taking
any other action. If it is legitimate, the store manager will know about it. It's that simple!
- They want you to download/use the attached file but, to protect you, they have temporarily
suspended online access to your account by other non authentic users. If your User Name and
Password have been used fraudulently, you have a larger problem, yet they do not call your attention to that.
In many systems by the time you get to Security Questions you have already cleared the User Name
and Password. This is another reason to review guidelines to create strong passwords of which
some are very easy to remember yet provide very high security.
- They use the urgency ploy for you to act now. This achieves two things:
(1) they generally operate for less than 3 days to avoid capture, arrest and prosecution
(2) they want you to act quickly so they can shut down, relocate and start phishing again
The company already has all your information on hand. In nearly all cases today, they
know how to e-mail you or call you.
- Official communications will include logos of the company (better phishing attackers actually use
logos pulled from the Internet). Official communications are carefully reviewed by multiple groups
of people to ensure a clear and concise communication, free of spelling errors or alternate
meanings. This, naturally, includes checking for typos and correct spelling of web site links and
the company name. The simple language notification strongly suggests it is not a corporate
communication of bad news.
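The clues above can also be checked mechanically. The following Python sketch is an added example, not part of the original article: it flags the sender-address, lookalike-spelling, HTML-attachment and urgency clues in a raw message. The clue labels, the 0.85 similarity threshold, the phrase list, and the brand name and domain passed in by the caller (for example "wellsfargo" and "wellsfargo.com") are assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
# Digit-for-letter swaps seen in lookalike names such as MICR0S0FT.COM.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
URGENCY = ("as soon as possible", "temporarily suspended")  # assumed phrase list

def looks_like(candidate, genuine):
    """True when candidate imitates genuine without being identical to it."""
    candidate, genuine = candidate.lower(), genuine.lower()
    if candidate == genuine:
        return False
    if candidate.translate(HOMOGLYPHS) == genuine:
        return True
    return difflib.SequenceMatcher(None, candidate, genuine).ratio() >= 0.85

def phishing_clues(raw, brand, brand_domain):
    """Return the clues found in one raw e-mail message (headers and body)."""
    msg = message_from_string(raw)
    local, _, domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")
    clues = []
    if domain != brand_domain and not domain.endswith("." + brand_domain):
        clues.append("sender-domain-not-brand")
    if looks_like(local, brand) or looks_like(domain, brand_domain):
        clues.append("misspelled-brand-in-sender")
    body = ""
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith((".html", ".htm")):
            clues.append("html-attachment")
        elif part.get_content_type() == "text/plain":
            body += part.get_payload()
    if any(p in " ".join(body.lower().split()) for p in URGENCY):
        clues.append("urgency-language")
    return clues

# Constructed sample: values from the e-mail above; MIME framing is made up.
SAMPLE = """From: Wellsfago@secureserver.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

proceed to verification as soon as possible.
--b1
Content-Type: text/html; name="ID Conformation.html"

<html></html>
--b1--
"""
```

Calling phishing_clues(SAMPLE, "wellsfargo", "wellsfargo.com") reports all four clues. A result like this is a reason to call the company at its published number, not proof either way.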
IF YOU ARE IN DOUBT ABOUT THE LEGITIMACY OF AN E-MAIL
- Do you open any link or attachments or reply or do nothing with the e-mail?
Opening it or clicking on attachments or even replying may initiate programs that will cause loss or
corruption to your computer's data or damage your computer. If you reply you may mark yourself
as a likely customer of that company.
- Call the company ideally at the phone number printed on your account or credit cards or listed in
published phone books. The Bad Guys must attack quickly and within very limited time frames to avoid capture and/or prosecution, thus limiting their ability to build a false front to hide behind.
This is a published number the Bad Guys cannot change. Tell them you suspect an attempt to
extract account information from you was received by e-mail. Because these e-mails are often
sent to hundreds of thousands or more people, there is a good chance they will confirm it is
an attack against you and encourage you NOT to click, detach or respond to the e-mail.
- If they are unaware of this, you may be connected to their Security Department for some
additional information and possibly a request to forward the e-mail to them. They may request
you forward the e-mail using specific steps to preserve the forensic content of the e-mail.
- If you receive an incentive to register your Credit Card, call the credit card company or the
Store Manager where these "Super Secret Deals" are offered and ask about them. Savings that
large would require they carry a heavier inventory to meet demand. It is highly unlikely that you
will be given any encouragement to respond to the offer you received.