mailing list archives
Re: Your account at Wells Fargo has been suspended (Phishing Scam)
From: Szilveszter Adam <adam () nhh hu>
Date: Wed, 07 Jul 2004 08:34:15 +0200
[Since phishing seems to be all the rage today, I feel compelled to add...]
Babak Pasdar wrote:
We have uncovered a phishing scam. This is a perfect example of a
phishing scam. All indicators (that the recipient sees) show a valid and
legitimate e-mail from Wells Fargo. This e-mail tells the user their
account has been frozen due to fraudulent activity and gives them a link
to go to. However when you click on the link it takes you to a site in
Korea and not Wells Fargo:
Here is a quick assessment that confirms the e-mail is fraudulent. In
the header notice the source sending it to igxglobal is not identifiable
via reverse DNS:
<lots of info eluded>
Well, maybe it's just me, but to me, the *very* first reason to believe
that the mail was a fraud would be, that I never, ever would expect my
bank to send me such sensitive and time-critical information in an email
message, which can be read by any party while in transit and be delayed
for arbitrary amounts of time, or not delivered at all. (insert rant
here about why more and more applications are relying on email and SMS
messages as a timely and dependable communications mechanism, when
clearly neither was designed to be either) How would they maintain the
privacy of banking operations if they sent such messages to customers?
Please, please US people tell me that even US banks are not so stupid as
to do this... convenience is surely a trump, but not in banking... there
I want security first of all.
P.S. Remember, when we used to tell people "Never open messages claiming
to be virus warnings or security patches from MS, they will never ever
going to send such things in email, only offer them through the web."?
Well, the other day I received an email from MS Hungary (I was
registered for several TechNet events in the past) about the
"worm-du-jour" and how it is dangerous and how MS recommends applying
the patch immediately. Dang. The only thing missing was the patch
attached. This is why police say as long as criminals are people there
is not going to be a perfect crime. Everybody gets lazy after a time.
Full-Disclosure - We believe in it.