Phishing Email Provides Many Clues It's Phishing For Your Credentials
By: Jim Stickley and Tina Davis
November 24, 2019
You’re locked out of your bank account. Yep. You know you’ve done it numerous times. You have three tries and you just cannot remember that password. Let’s face it. You have a million, or even a trillion, passwords (maybe this is a bit of an exaggeration) you’re trying to remember at any given time, so it is certainly understandable if you lock yourself out of an account from time to time due to too many tries. Well, fortunately your financial institution will send you an email or text letting you know how you can unlock it. But hackers know this routine and are capitalizing on it using a well-known financial institution’s name.
First, if you do lock yourself out of your account, whatever organization it is will usually send you an email with such instructions right away, or at least within 15 minutes or so. Therefore, if you see an email in your inbox stating you need to verify your account, but it didn’t arrive right away, you should really take a good look at it before clicking anything at all.
In this case, Wells Fargo is the financial institution being used in phishing attacks. The scammers send that message hoping that someone will click on their phony link and give up their credentials. Remember that any time you get an email from an organization that has very sensitive or personal information, such as your social security number, your account numbers, etc., you should be 100% positive that it’s a legitimate message before taking action. In this one going around, there are obvious signs that it is a fake:
- It has a generic greeting: “Dear Customer.” Usually, these will be personalized.
- The first sentence makes no sense at all. It says, “For your security unusual incorrect sign in attempt to your Wells Fargo account.” Well, that should be a big red flag.
- There is a typo in the word “suspend.” It’s actually terribly misspelled as “supspension.”
- The sender’s address is not a Wells Fargo address. If you have doubts about the address an email came from, look back through your inbox to see what address a real one was sent from. For example, if email usually comes from services@yourfinancialinstitution.com, but the one you’re looking at is from myaccount@yourfinancialinstitution.com, it could very well be a fake address.
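The signs listed above can also be checked mechanically, for instance in a mail filter. The following is an added example, not part of the original article; the expected domain, known-sender list, vocabulary and sample message are assumptions constructed for illustration, and it handles only single-part plain-text messages.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: the article's placeholder domain and sender,
# and a small vocabulary of words that lockout notices commonly use.
EXPECTED_DOMAIN = "yourfinancialinstitution.com"
KNOWN_SENDERS = {"services@yourfinancialinstitution.com"}
VOCAB = ["suspension", "account", "security", "verify"]
GENERIC = re.compile(r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)

# Constructed sample message, modelled on the signs listed above.
SAMPLE = """\
From: Wells Fargo <alerts@example.net>
To: you@example.org
Subject: Verify your account

Dear Customer,
For your security unusual incorrect sign in attempt to your Wells Fargo account.
Verify now to avoid supspension.
"""

def phishing_signals(raw, domain=EXPECTED_DOMAIN, known=KNOWN_SENDERS):
    """Return the list of warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    signals = []
    # The display name is attacker-controlled; judge only the address.
    addr = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = addr.rpartition("@")[2]
    if sender_domain != domain and not sender_domain.endswith("." + domain):
        signals.append("sender-domain-mismatch")
    elif addr not in known:
        signals.append("unfamiliar-sender-address")
    if GENERIC.search(body):
        signals.append("generic-greeting")
    # A word that is close to, but not exactly, an expected word is a typo.
    for word in set(re.findall(r"[a-z]+", body.lower())) - set(VOCAB):
        if difflib.get_close_matches(word, VOCAB, n=1, cutoff=0.85):
            signals.append("misspelling:" + word)
    return signals

if __name__ == "__main__":
    for signal in phishing_signals(SAMPLE):
        print(signal)
```

A message with none of these signs can still be phishing, so an empty result is not proof that an email is legitimate.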
People have a tendency to get worked up and scared of ransomware and other types of malware. Yes, that should be a concern to everyone, because they can make their way onto your machines from malicious links, websites, etc. But phishing for credentials is still the primary way cybercriminals get their grubby paws on your login credentials. That’s because frankly, it’s not so difficult. All they have to do is send email and ultimately, someone (or many) will fall for it.
Always take a good look at email messages that ask you to verify credentials or profile information. Instead of clicking links, even if you’re sure the message is legitimate, just go directly into your account from a bookmark you previously saved safely and check your accounts that way.
By taking the closer look described above and ensuring that any link or attachment is expected, comes from a known and trusted source, and is 100% trusted to be safe, you can significantly lower your chances of becoming a victim of phishing.