Catch of the Day: Not a Phish – Real Wells Fargo Email
Chef’s Special: Fake Money Phish
Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and others come from reliable sources on the Internet.
You can send phishing samples to me at email@example.com.
My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.
The Real Wells Fargo Email
I spend a lot of time analyzing phishing emails. I got this one from Wells Fargo, and as I looked it over, I realized this was a legitimate email, not a phish. What were my clues?
The sender email was from an actual Wells Fargo sub-domain, notify.wellsfargo.com.
The hyperlink Statements and Documents resolved to https://connect.secure.wellsfargo.com/auth/login/present?, also a real Wells Fargo subdomain.
The Internet headers proved that the email was from wellsfargo.com.
I have received phish that looked just like this, and even though I am certain this email is legitimate, I would NEVER click through the link to access my account information. Instead I would use the shortcut in my LastPass password manager application to log in and authenticate. I recommend that you do likewise.
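The first two clues above, the sender sub-domain and the hyperlink's real destination, can be checked mechanically. The Python sketch below is an added example, not part of the original post; the function names, the sample messages and the `.example` lookalike hosts are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "wellsfargo.com"  # the domain the article's three clues point to

def in_domain(host, trusted=TRUSTED):
    """True only for the trusted domain or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # Match on a label boundary: "wellsfargo.com.login.example" must fail.
    return host == trusted or host.endswith("." + trusted)

class LinkCollector(HTMLParser):
    """Collects the real href of every <a>, ignoring the visible link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_message(raw):
    msg = message_from_string(raw)
    # From is display data and can be forged; full headers still need review.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    links = []
    for href in collector.hrefs:
        parts = urlsplit(href)  # .hostname drops any "user@" prefix
        links.append((href, parts.scheme == "https" and in_domain(parts.hostname)))
    return {"sender_ok": in_domain(sender_host), "links": links}

# Constructed samples: local part and body text are made up for this example.
GENUINE = (
    "From: Wells Fargo <alerts@notify.wellsfargo.com>\n"
    "Content-Type: text/html\n\n"
    '<a href="https://connect.secure.wellsfargo.com/auth/login/present?">'
    "Statements and Documents</a>\n")
LOOKALIKE = (
    "From: Wells Fargo <alerts@notify.wellsfargo.com.mail.example>\n"
    "Content-Type: text/html\n\n"
    '<a href="https://connect.secure.wellsfargo.com.login.example/auth">'
    "Statements and Documents</a>\n"
    '<a href="https://wellsfargo.com@login.example/">Sign on</a>\n')

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(name, check_message(raw))
```

A passing result only says the names line up with the trusted domain; it does not replace the header review described in the third clue.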
Fake Money Phish
This is a straight up money con in the style of the “Nigerian Prince” or “Lottery” type emails. All they want is your personal information and a “small fee” for shipping your $3.5 Million Master Card, plus another million by check? Is this my lucky day? Delivered on Friday the 13th, too!
Wait a minute!! I got another $15.5 Million on another Visa Card on the same day!! Wow my luck keeps getting better.
Hopefully none of my readers are going to fall for these sorts of emails, but I thought I’d share. If you have gullible family members, maybe you should share this article with them.
I often wonder what the point is with foreign language phishing emails. This example is in Chinese, which I can’t read.
But I ran it through Google Translate and got this:
Clicking to open took me to this landing page at http://mailbeian.cn/page.php. This appears to be a credential stealing exploit.
T-Mobile Survey Phish
I reported on this exploit back on April 29, but as I get two or three of these T-Mobile branded survey scams every week, I thought it would be good to put out another warning.
First point – T-Mobile is not giving away anything for a survey. All that will happen is that YOU will give away all your personal information and a credit card to scammers.
Here’s the email:
The link resolves to http://www.appltech.click/thrilled-ketchup/a806lv23q95eO86U12B12Z0l1u408q14sFsFf68.GsEGsi7JQJnnSd7crZO10_5nWqwD and then redirects to https://listcenters.com/ma/guri/gudedoza/sepa/xotemu/index.php
I am not going through all the steps for the survey, just check out the April 29th post. Please just ignore these emails when they show up in your inbox.
Business Email Compromise often starts with a spearphishing or whaling email. BEC is a growing type of cybercrime that generates billions in losses every year. It also involves cryptocurrency more and more, providing an additional layer of anonymity to the cybercriminals. More…
Fortinet’s FortiGuard Labs captured a phishing campaign that was delivering three fileless malware onto a victim’s device. Once executed, they are able to steal sensitive information from that device.
In this analysis, I’ll reveal how the phishing campaign manages to transfer the fileless malware to the victim’s device, what mechanism it uses to load, deploy, and execute the fileless malware in the target process, and how it maintains persistence on the victim’s device.
Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows Users
Impact: Controls victim’s device and collects sensitive information
Severity level: Critical