Account Info

Updated 09/15/2016

Attachments may take the form of an information request using a web-based form.  This is something most people are comfortable with BUT it still has the ability to download malicious code into your computer -or- encourage you to reveal information that the provider, in this attack it would be Wells Fargo.  In this case, like so many, the company name is the initial victim.

Typically the message includes "calls to action" to build a sense that immediate action is required or you will pay a consequence.  IF YOU ARE EVER IN DOUBT, CALL THE COMPANY USING THE NUMBER ON YOUR CREDIT CARD, ATM CARD, STATEMENT FROM THE COMPANY OR FROM, YES, A TELEPHONE BOOK.  A Microsoft spoof provided a link which was MICR0S0FT.COM versus MICROSOFT.COM.  Do you see the difference?  Many did not and paid a price!

Examine this e-mail, then see the discussion below on how to spot these fakes and what to do if you are not certain whether it is legitimate.

SUBJECT:  Unauthorized activity on your online account

ATTACHMENT:  ID Conformation.html (54 KB)

Dear Customer,


We recently detected numerous failed attempts to provide the correct answers to your security questions.


Therefore, we have temporarily suspended online access to your account by other non authentic users, and we need to go through some verification.


To begin please download the attached file below to proceed to verification as soon as possible.


Wells Fargo safeguards your account whenever there is a possibility that someone else is attempting to sign in.


Please understand that this form must be completed within 24-48 hours.


This is our security measure intended to help and protect you and your account.


Thank you for your cooperation and we deeply apologize for any inconvenience this may cause you.


Wells Fargo Customer Service.

What tells us this is a likely phishing or other attack?

  1.  Clue #1:  Notice the e-mail address of the sender ...
                     Do you think Wells Fargo could spell their company name correctly (the missing "r")?
     Clue #2:  How many companies are using the same servers ""?
                     Answer, most likely, is none.  Sharing a server with other large companies is a security risk.
                     This is hype to build a false sense of security so that you will send your personal information.

  2.  How many accounts would The CT Groups have?   They just "vacuum up" e-mail addresses and
     blast these out hoping to "hook" someone in their phishing attack.  The e-mail addresses may
     come from people you know who have had their e-mail accounts hacked or computers infected.

  3.  They are contacting me but there is zero personalization involved.  What if you have multiple
     accounts ... you don't know which account is reportedly at risk.  They don't list your name.
     Don't become a victim!

     The Bad Guys are getting smarter with the rapidly growing data that is readily available on many
     of us.  With sufficient information "harvested" from on-line sources The Bad Guys can customize a
     letter using your name, address, telephone number with references to local stores (even their
     addresses) to build confidence the e-mail is legitimate.  These e-mails may include "Super Secret
     Discounts" from some of these stores by simply using your Credit Card.  "All you need to do" is
     register your Credit Card information with someone you do not know to receive incredible savings
     for a very limited time.  The types of phishing attacks are potentially unlimited in how your
     information may be used against you in such attacks.  The secret is to call the store before taking
     any other action.  If it is legitimate, the store manager will know about it.  It's that simple!

  4.  They want you to download/use the attached file but, to protect you, they have temporarily
     suspended online access to your account by other non authentic users.  If your User Name and
     Password have been used fraudulently, you have a larger problem, yet they do not call your attention to that.

     In many systems by the time you get to Security Questions you have already cleared the User Name
     and Password.   This is another reason to review guidelines to create strong passwords of which
     some are very easy to remember yet provide very high security.

  5.  They use the urgency ploy for you to act now.  This achieves two things:
     (1) they generally operate for less than 3 days to avoid capture, arrest and prosecution
     (2) they want you to act quickly so they can shut down, relocate and start phishing again
     The company already has all your information on hand.  In nearly all cases today, they
     know how to e-mail you or call you.

  6.  Official communications will include logos of the company (better phishing attackers actually use
     logos pulled from the Internet).  Official communications are carefully reviewed by multiple groups
     of people to ensure a clear and concise communication, free of spelling errors or alternate
     meanings.  This, naturally, includes checking for typos and correct spelling of web site links and
     the company name.  The simple language of this notification strongly suggests it is not a corporate
     communication of bad news.
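
The look-alike tricks described above (MICR0S0FT.COM for MICROSOFT.COM, and a sender address with a letter missing from the company name) can be checked mechanically. This Python sketch is an added example, not part of the original article; the trusted list, the substitution table and the sample sender addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Assumed allowlist: domains the reader really does business with.
TRUSTED = ("microsoft.com", "wellsfargo.com")

# Digit-for-letter swaps of the MICR0S0FT.COM kind (illustrative, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Return the domain of the real address, ignoring the display name."""
    address = parseaddr(from_header)[1]
    return address.rpartition("@")[2].lower().rstrip(".")


def classify(domain):
    """Return (verdict, trusted domain being imitated or None)."""
    domain = domain.lower()
    if domain in TRUSTED:
        return ("trusted", domain)
    folded = domain.translate(LOOKALIKES)
    for good in TRUSTED:
        if folded == good:
            return ("digit-for-letter spoof", good)
    for good in TRUSTED:
        if edit_distance(folded, good) <= 2:
            return ("misspelled look-alike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed samples; the second stands in for the missing-"r" sender.
    for sample in ("MICR0S0FT.COM", '"Wells Fargo" <alerts@wellsfago.com>',
                   "support@microsoft.com", "news@example.org"):
        print(sample, "->", classify(sender_domain(sample)))
```

A verdict of "unknown" only means the domain does not resemble anything on the list; it is not a sign the message is legitimate, so the phone call described below still applies.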

  1.  Do you open any link or attachments or reply or do nothing with the e-mail?
     Opening it or clicking on attachments or even replying may initiate programs that will cause loss or
     corruption to your computer's data or damage your computer.  If you reply you may mark yourself
     as a likely customer of that company.

  2.  Call the company ideally at the phone number printed on your account or credit cards or listed in
     published phone books.  The Bad Guys must attack quickly and within very limited time frames to
     avoid capture and/or prosecution, thus limiting their ability to build a false front to hide behind.

     This is a published number the Bad Guys cannot change.  Tell them you suspect an attempt to
     extract account information from you was received by e-mail.  Because these e-mails are often
     sent to hundreds of thousands or more people, there is a good chance they will confirm it is
     an attack against you and encourage you NOT to click, detach or respond to the e-mail.

  3.  If they are unaware of this, you may be connected to their Security Department for some
     additional information and possibly a request to forward the e-mail to them.  They may request
     you forward the e-mail using specific steps to preserve the forensic content of the e-mail.

  4.  If you receive an incentive to register your Credit Card, call the credit card company or the
     Store Manager where these "Super Secret Deals" are offered and ask about them.  Savings that
     large would require they carry a heavier inventory to meet demand.  It is highly unlikely that you
     will be given any encouragement to respond to the offer you received.