![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
Nyah, nyah they didn't scam me!
My friends, this is how they do it -- remember and be paranoidly vigilant.
You know how I had my Wells Fargo credit card cancelled and replaced after the burglary? Well, today I got an e-mail purporting to be from Wells Fargo saying they're concerned about unusual activity on my account and I need to fax them all my personal and account information to verify my identity or they'll cancel my account.
Yeah, right. Other than my knee-jerk assumption of fraud, what were the clues? Well, once you pull up "view source code", the e-mail address of mine that they're sending it to was harvested off my web site and is clearly one I would never have given to my bank. And the area code for the fax number is a toll number in New Jersey, not the expected toll-free number. And, oh yeah, what was the other problem with their approach? I'M NOT STUPID!
Of course, I get dozens of phishing spams like this every month -- hundreds in a year. Most are instantly recognizable as such because they're for companies I don't have any dealings with. But remember: pure chance means that they're eventually going to hit one you do. And like any good "cold reader", the bait is vague enough yet specific enough that if they get a chance hit on your immediate circumstances, you supply the rest of the scenario in your head. There is absolutely no reason to suppose this scam e-mail has any connection to my burglary. It doesn't need to. They shotgun this thing out to hundreds of thousands of e-mail addresses and all they need is one or two people who have recently lost a Wells Fargo credit card who will panic and respond without thinking things through.
Now to see if Wells Fargo has a fraud reporting e-ddress I can forward it to.
You know how I had my Wells Fargo credit card cancelled and replaced after the burglary? Well, today I got an e-mail purporting to be from Wells Fargo saying they're concerned about unusual activity on my account and I need to fax them all my personal and account information to verify my identity or they'll cancel my account.
Yeah, right. Other than my knee-jerk assumption of fraud, what were the clues? Well, once you pull up "view source code", the e-mail address of mine that they're sending it to was harvested off my web site and is clearly one I would never have given to my bank. And the area code for the fax number is a toll number in New Jersey, not the expected toll-free number. And, oh yeah, what was the other problem with their approach? I'M NOT STUPID!
Of course, I get dozens of phishing spams like this every month -- hundreds in a year. Most are instantly recognizable as such because they're for companies I don't have any dealings with. But remember: pure chance means that they're eventually going to hit one you do. And like any good "cold reader", the bait is vague enough yet specific enough that if they get a chance hit on your immediate circumstances, you supply the rest of the scenario in your head. There is absolutely no reason to suppose this scam e-mail has any connection to my burglary. It doesn't need to. They shotgun this thing out to hundreds of thousands of e-mail addresses and all they need is one or two people who have recently lost a Wells Fargo credit card who will panic and respond without thinking things through.
Now to see if Wells Fargo has a fraud reporting e-ddress I can forward it to.
no subject
no subject