Beware of Online Phishing!

“Wells Fargo” sends request for account information – Don’t fall for this!

As I was sorting through my e-mail today, I noticed an “Account Security Measures Notification” from “Wells Fargo” notifying me that my identity had been compromised. (E-mail in .pdf included below). Right away, I knew it was a scam, especially since Wells Fargo sends my statements to my personal, not work e-mail account! But I thought I’d take a look for laughs.

“Dear Customer: As part of our security measures, we regularly screen activity in the credit and debit card system. During a recent screening, we noticed an issue regarding your account. Your account may have been accessed by an unauthorized third party. As a precaution, we are requesting additional verification of your payment and personal information in order to protect your Wells Fargo account against unauthorized transactions.”

So this is all for my protection… Riiight, moving on.

Please send a fax with your following informations (emphasis added) to remove any holds on this account. If we will not receive (emphasis added) your fax within 24 hours your account will be temporarily suspended.

So now its standard operating procedure to FAX this kind of stuff? And my account has been temporarily suspended until I send them all my personal information? Great…

Then they go on to ask for my billing address, first and last name, social security number, “Adress“, city, state, zip code and e-mail. (Nevermind that “Adress” is spelled “address” and they presumably already have my e-mail.)

In addition, of course, they need my account information: credit/debit card number, PIN “for bank customer verification” and the “Code Verification number” (known in the industry as the “CID” number) and expiration date — Convenient, EVERYTHING one would need to use your card fraudulently, and more!

I’m instructed to fax all this information to the number provided: 1-609-228-5841 — Feel free to send all your junk mail their way 🙂

The e-mail closes with the kicker:

“For your security, we deactivated your account.”

Never mind that the e-mail previously stated that the account would be temporarily suspended if information is not received within 24 hours. This last plug is just intended to hoax you into frantically sending them your personal/financial information.

Have you received email with a similar message? It’s a scam called “phishing” and it involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, social Security number, passwords, or other sensitive information) from unsuspecting victims.

Many people get hooked by these emails because they warn consumers their identity or information has been compromised and needs to be verified, or because they include the logos of financial institutions. But remember, it’s easy to Google image search any company or organization and obtain an authentic logo.

Here are some tips from OnGuard Online to avoid getting hooked by a “phishing” Identity Theft scam:

• DON’T REPLY to email messages that ask for personal or financial information, and don’t click on links in the message. Don’t cut and paste a link from the message into your Web browser — phishers can make links look like they go one place, but that actually send you to a different site.
• Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” But, they use Voice over Internet Protocol technology, so the area code you call doesn’t reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
• Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
• NEVER email personal or financial information.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
• Forward phishing emails to spam@uce.gov – and to the company, bank, or organization impersonated in the phishing email. You also may report phishing email to reportphishing@antiphishing.org.
• If you’ve been scammed, visit the Federal Trade Commission’s Identity Theft website at ftc.gov/idtheft.