Full Disclosure mailing list archives
Re: Your account at Wells Fargo has been suspended (Phishing Scam)
From: Szilveszter Adam <adam () nhh hu>
Date: Wed, 07 Jul 2004 08:34:15 +0200
Hi, [Since phishing seems to be all the rage today, I feel compelled to add...] Babak Pasdar wrote:
We have uncovered a phishing scam. This is a perfect example of a phishing scam. All indicators (that the recipient sees) show a valid and legitimate e-mail from Wells Fargo. This e-mail tells the user their account has been frozen due to fraudulent activity and gives them a link to go to. However when you click on the link it takes you to a site in Korea and not Wells Fargo:
<...>
Here is a quick assessment that confirms the e-mail is fraudulent. In the header notice the source sending it to igxglobal is not identifiable via reverse DNS:
<lots of info eluded>Well, maybe it's just me, but to me, the *very* first reason to believe that the mail was a fraud would be, that I never, ever would expect my bank to send me such sensitive and time-critical information in an email message, which can be read by any party while in transit and be delayed for arbitrary amounts of time, or not delivered at all. (insert rant here about why more and more applications are relying on email and SMS messages as a timely and dependable communications mechanism, when clearly neither was designed to be either) How would they maintain the privacy of banking operations if they sent such messages to customers? Please, please US people tell me that even US banks are not so stupid as to do this... convenience is surely a trump, but not in banking... there I want security first of all.
P.S. Remember, when we used to tell people "Never open messages claiming to be virus warnings or security patches from MS, they will never ever going to send such things in email, only offer them through the web."? Well, the other day I received an email from MS Hungary (I was registered for several TechNet events in the past) about the "worm-du-jour" and how it is dangerous and how MS recommends applying the patch immediately. Dang. The only thing missing was the patch attached. This is why police say as long as criminals are people there is not going to be a perfect crime. Everybody gets lazy after a time.
Regards, Sz. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Your account at Wells Fargo has been suspended (Phishing Scam) Babak Pasdar (Jul 06)
- Re: Your account at Wells Fargo has been suspended (Phishing Scam) Szilveszter Adam (Jul 07)
- <Possible follow-ups>
- Your account at Wells Fargo has been suspended (Phishing Scam) Babak Pasdar (Jul 07)
- RE: Your account at Wells Fargo has been suspended (Phishing Scam) Larry Seltzer (Jul 07)