Nyah, nyah they didn't scam me!

[hrj]

My friends, this is how they do it -- remember and be paranoidly vigilant.

You know how I had my Wells Fargo credit card cancelled and replaced after the burglary? Well, today I got an e-mail purporting to be from Wells Fargo saying they're concerned about unusual activity on my account and I need to fax them all my personal and account information to verify my identity or they'll cancel my account.

Yeah, right. Other than my knee-jerk assumption of fraud, what were the clues? Well, once you pull up "view source code", the e-mail address of mine that they're sending it to was harvested off my web site and is clearly one I would never have given to my bank. And the area code for the fax number is a toll number in New Jersey, not the expected toll-free number. And, oh yeah, what was the other problem with their approach? I'M NOT STUPID!

Of course, I get dozens of phishing spams like this every month -- hundreds in a year. Most are instantly recognizable as such because they're for companies I don't have any dealings with. But remember: pure chance means that they're eventually going to hit one you do. And like any good "cold reader", the bait is vague enough yet specific enough that if they get a chance hit on your immediate circumstances, you supply the rest of the scenario in your head. There is absolutely no reason to suppose this scam e-mail has any connection to my burglary. It doesn't need to. They shotgun this thing out to hundreds of thousands of e-mail addresses and all they need is one or two people who have recently lost a Wells Fargo credit card who will panic and respond without thinking things through.

Now to see if Wells Fargo has a fraud reporting e-ddress I can forward it to.

Comments

[etfb.livejournal.com]

They haven't gotten any less lazy than when I last looked at one of their attempts (http://etfb.livejournal.com/7295.html). Seriously, I find myself thinking that people who fall for this stuff deserve to. Now that you guys have a president-elect who's not embarrassingly mediocre, is it ok to discriminate against people on the grounds of stupidity yet?

[brooksmoses]

I sent the one I got to reportphish@wellsfargo.com.

I also sent it to the Campbell police department, since the fax number I was given was a 408-area-code landline that's on a Campbell exchange. Weird that they're using multiple numbers.

[hrj.livejournal.com]

Yeah, that's the reporting address I found, too. Most of the time I just delete phishing letters, but since they got me to go as far as reading the thing (and since I have a personal interest in the relevant company) I figured it was worth reporting this time.

[aastg.livejournal.com]

Some time ago I got an email just like yours, and I called Wells. They had me forward the email to their fraud unit (and were smart enough to make sure I had deleted it out my sent mail afterwards).

[thatcrazycajun.livejournal.com]

Check with trektone - he works for Wells Fargo. (And my bank just got bought out by them, so it appears I will soon be a WF account holder myself.)

[joycebre.livejournal.com]

they actually called me and froze my card for me when someone in Hong Kong started using it. When i called them back and said duh, how could I call you from CA if I were in Hong Kong, they fixed everything. Much as I think they're an evil bank, I was impressed that they took the initiative and took care of this.

[duchessletitia.livejournal.com]

This is something that is sponsored by Visa and MasterCard. They have programs that watch activity and notify the Banks when they detect unusual transactions. We get these all day and most turn out to be fraud.

It is a good idea to notify your Credit Card companies when you go on vacation. It can be embarrassing when your card does not work because the Bank thinks it might not be you.

[goldenstag.livejournal.com]

It is weird to get one of these calls, but I prefer it to there being a real problem. I actually was the one using my card once, but I ordered something from a German company, and that set off alarm bells at the bank, who called me. I told them that yes, indeed, that was me, and everything was fine.

[etfb.livejournal.com]

Shortly after I got my first credit card, I bought something online (this being the reason I got one in the first place, since in Australia it's very rare to find a shop without a debit card processing facility, so credit cards are redundant for day-to-day shopping) -- then Visa called me up to query a Canberra person buying a couple of hundred dollars of stuff in Melbourne, about eight hours away by car. I carefully explained that the young people nowadays have this thing called THE INTERNET and that it's not always local...

[goldenstag.livejournal.com]

ANY Email that asks you to post a bunch of personal information is a scam/Phishing scheme, etc. Banks don't do this stuff via email. There are plenty of ways to determine if it's a scam. Check the URL of the website that they're sending you to, for starters ... You were definitely right to check. I don't even bother reporting this stuff anymore. It doesn't do any good.

[brooksmoses]

This one was weird, though -- they weren't sending us (I got a copy of it as well) to a website, but asking us to fax in the data.

[goldenstag.livejournal.com]

That is unusual. From there, I guess checking to see if the fax number is accurate would make sense ... or even contacting the bank/other company ...