Wednesday, October 19, 2011

Email from Wells Fargo

Well this email from Wells Fargo caught me by surprise.  I had to do a double take until I finally realized it was a scam email.  We call it a phishing attack.  It is made to look legitimate. We have in fact been legitimately notified before by businesses that they've been hacked.  The bad grammar and misspellings should be a warning, but if an an unsuspecting recipient clicks the link, they are taken to a webpage that looks just like the Wells Fargo website, only it's not. 


I was sure it was a scam so I did a tracert on www_online-protection_net to see what was there.  The big red flag was that it traced back to Yahoo's servers.



Next, I did a whois and found out that the site is owned by someone in Italy.


This hardly seems like Wells Fargo.  Last, I went to the website to take a look at it.



It is a very convincing fake of the real site.  One tip off that it is not legit is that it does not show secure HTTP https in the address bar.  I feel sorry for anyone that actually enters their true login credentials here.  Interestingly, if you click on some of the tabs they do link to the real Wells Fargo website, as shown below.


These scammers are good.  I can only imagine how many technically naive people enter their info here.