Phishing Email Alerts
Catch of the Day: Wells Fargo Revisited
Examples of clever phish that made it past my spam filters and into my Inbox, or from clients, or reliable sources on the Internet.
I would be delighted to accept suspicious phishing examples from you. Please forward your email to firstname.lastname@example.org.
My intention is to provide a warning, examples of current phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your own inbox. If the pictures are too small or extend off the page, double-clicking on them will open them up in a photo viewer app.
This week, my spam filters must be working better, no new phish at all! So this week I am going to repost the phishing exploit that is my very favorite. I had a student in one of my CISSP certification classes who worked at Wells Fargo say that this exploit is used in their employee cybersecurity awareness training. Share this with anyone you know with a Wells Fargo Account.
Wells Fargo Identity Theft Phish
You don’t see one like this every day. This fabulously engineered phishing exploit starts out with good news, someone made a direct deposit in your account. Who doesn’t like free money? Click, and you’ve been pwned.
Not only does this phish want your Well Fargo Banking and Financial account credentials, but as I clicked through the multiple landing pages, this phishing exploit asked for personal information including street address, phone number, birth date, SSN, and driver’s license. On the next page they asked for credit card information. The fifth and final screen was an actual Wells Fargo login screen. If you followed all the way through, you coughed up every bit if information the attacker would need to log on to your Wells Fargo account and clean it out.
The email domain was hijacked from a Japanese air freight company. (WellsFargo Messaging Center <email@example.com>) The View Your Personal WF Accounts resolved to http://sagoodesign.com/firstgroupus. VirusTotal identified this as a phishing address. From there I was redirected to the first landing page at https://buybharatvocal4local.com/remembfolder/junefileswf/intro.html. From there I kept clicking, going deeper into this highly sophisticated identity theft and bank account hijacking exploit. The quality of the landing pages was very high, as you will see.
The website that is hosting these landing pages was hijacked. The last image in this case is the home page for https://buybharatvocal4local.com Buy Bharat V4L
The second landing page – user ID and password collected
The fourth landing page – Got the credit card
The victim website that is hosting the fake landing pagesThe is an excellent piece of social engineering. The perpetrator got the bank account, personal info, and a credit card – a trifecta!Share