I usually post these things as a humorous thing, to demonstrate how ridiculous they generally are, but this time I’m posting it as an actual warning.
I got this e-mail this morning (posted as an image, to show the whole thing, the link is dead):
This one worries me because it’s actually pretty well done. The English isn’t ridiculously bad, the grammar is pretty much correct, the “reply-to” address isn’t in nigeria (although it’s probably a dead address, since they chose a different route). It even includes a legit looking logo at the top and a friendly reminder to protect your password to lend credibility. How ironic is that?
It concerns me that some people with less experience on the net may fall for this one, click the link and enter their information. I did not follow the link to see how professional the actual phishing page itself looks, but if it looks legit at all, some people will fall for it.
This one was easy for me to recognize as a scam because I don’t have a Wells Fargo account. But if someone does have an account and gets an e-mail like this, the biggest indication that the e-mail is fake is by hovering the mouse pointer over the link.
The author of the e-mail can change what text is displayed in the link, while the destination of the link is someplace completely different. Hovering your mouse pointer over the link, causes the actual destination of the link to pop up in a “tooltip” box, or possibly down at the bottom in the status bar.
Here’s what it looks like when I hover the mouse over the link using my e-mail application:
As you can see, the destination of the link has no relationship to what’s printed in the e-mail. This is an immediate indication of a scam.
I’d be willing to bet that if you reply to this e-mail, you’d get “address does not exist” failure. They created the “reply-to” address out of thin air, just to make it appear as if the e-mail came from someone at Wells Fargo. It didn’t.
Here’s the most important tip I can give: Never, Ever, Ever click on a link from an unsolicited e-mail and enter any sensitive data in the resulting page.
If your bank really does want to verify your information, they won’t send you to some unusual page and ask you to enter your account info, they’ll ask you to log into your account and verify the information there.
If you get an e-mail like this, and you really do think it’s legit, call your bank and ask them if it’s actually from them. If it’s real, they’ll know it and they’ll be able to tell you so. Most likely, it’s not…no matter how realistic it may look.