Phishing Attack: "Wells Fargo Online Account" (May 13, 2013)

A new phishing attack has been seen in circulation this afternoon. This phish targets Wells Fargo customers and attempts to fool the recipient into clicking a masked URL, "Sign On to Wells Fargo Online", which leads to a domain that is not associated with the bank but mirrors a typical login screen. The form is set to harvest credentials and will attempt to verify as much information as you're willing to provide. A few of the screenshots are provided below. In addition to this type of normal banking phish, it is not uncommon to find that the site or one of its redirects also hosts malicious files containing malware created to compromise a system and to collect URLs visited, usernames, and passwords.


Whenever this type of scam is sent to your inbox, you should always first consider whether or not you actually have an account with the supposed institution. If you do, don't click links in the email -- instead, open your web browser and visit their main page yourself. From there, attempt to determine whether your account has any pending alerts or information concerning it. As a backup precaution, search the site's homepage for customer support info or check the back of your bank-issued card for a telephone support number to verify account details. Additionally, always check the URL of any link you click. If the URL is masked like the one in this phish, move your mouse pointer over the link (Do Not Click the Link, just mouse over it) to see the actual URL you would visit if you were to click through.
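The mouse-over check described above can also be run automatically on a message's HTML body. The following is an added example, not part of the original advisory: it flags links whose visible text names the bank while the underlying URL points at a different host. The brand-to-domain table and the sample message (which uses a placeholder `.example` host, since the advisory does not list the phishing domain) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand keyword -> domain the brand legitimately uses.
BRAND_DOMAINS = {"wells fargo": "wellsfargo.com"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Normalise whitespace in the link text before storing it.
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def host_matches(host, domain):
    # Exact match or a true subdomain; a look-alike prefix must not pass.
    return host == domain or host.endswith("." + domain)

def masked_links(html_body):
    """Return (text, host, expected_domain) for links whose text names a brand
    but whose href points at a host outside that brand's domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        for brand, domain in BRAND_DOMAINS.items():
            if brand in text.lower() and not host_matches(host, domain):
                findings.append((text, host, domain))
    return findings

# Constructed sample message body; the .example host is a placeholder.
SAMPLE = """
<a href="http://wellsfargo.com.login.example/signon">Sign On to Wells Fargo Online</a>
<a href="https://www.wellsfargo.com/help">Wells Fargo Help</a>
"""
```

Calling `masked_links(SAMPLE)` reports only the first link: its host merely begins with the bank's domain name, which is exactly what a quick glance at the hover text can miss.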


Remember, these scams are designed to fool you into providing your information. Your best defense is learning what to look for so that you're able to identify the scam. As always, if you have any questions concerning this email or phishing in general, please contact the OIT Service Desk or the ITSO.


Email Screenshot:


Redirect screenshot:


Form page 2:


Form page 3:


OIT Service Desk


IT Security Office