I received an interesting “phishing” e-mail today that at first glance appeared to be a notice from Wells Fargo. It took only a few seconds, however, to determine that it was not a legitimate e-mail. In case you are not already aware, so-called “phishing” e-mails are typically attempts to steal the logon credentials to your e-mail account, bank, or other vendor websites. This is generally achieved by setting up a fake web portal that looks legitimate, and then sending people links to the portal in the hope that they will pass their credentials on to the scammers. Let’s take a look at some of the tell-tale signs that show this example is such an attempt.
First, let’s take a look at the reported “From” address. As we can see, this mail appears to be from an e-mail address associated with the country of Vietnam. Wells Fargo would obviously never send e-mail to US-based customers from a Vietnam-based domain name. This alone should be enough to tell a computer user that they can delete this mail, but let’s look for more tell-tale signs.
Next, although the link appears to use a Wells Fargo address, when we “mouse over” the included link we can see that it also has no connection to Wells Fargo. The link instead points to the domain name “CherryDemoServer10.com”. Clearly Wells Fargo would never send customers e-mails that use this domain name in any way. This “mouse-over” test is a great way to validate links before clicking them.
We could go further, digging into the message header for this email and verifying that it originated in Vietnam, etc.; but for the purposes of this blog post we will stop here after only finding two tell-tale signs.
The perpetrators of these “phishing” scams and the tricks they employ are becoming more sophisticated. We must all be on our guard and ensure that we employ these verification steps before clicking on suspicious email links.