Author |
Message |
Ruskes-Jadav
Hello I'm New here!
Joined: 15 Dec 2011
Posts: 5
|
Posted:
Thu Dec 15, 2011 7:35 am |
|
Wells Fargo Phishing Email in my email (scarry it was actualy addressed to me!!)
[email protected] on behalf of; Wells Fargo Online [[email protected]]
Quote: |
<http://yavaslar.com/images/wellsfargo/wellsfargo-online.php>
Dear Valued Client,
Account Access Notification
:
It has come to the notice of the online banking security team of Wells Fargo, that there have been multiple logons to your Wells Fargoonline banking accounts from numerous IPs.
We Have reason to believe that there has been unauthorised transactions in your account as of recent
We therefore will need you to verify this transactions by logging on to our online banking service and Confirm your security questions and answers you used to set up your account online
Wells Fargo Online Banking <http://www.hainanworld.ru/doc/dogfiz/wellsfargo-online.php>
If you experience any difficulty with the login process, please contact our Client Services Team on 800 219 7757 (local rates) or e-mail us at [email protected] <mailto:[email protected]> To help us to improve our service, we may record or monitor phone calls Sorry For the Inconvienence
Regards,
© 1999 - 2011 Wells Fargo. All rights reserved. NMLSR ID 399801
|
|
|
|
|
|
Ruskes-Jadav
Hello I'm New here!
Joined: 15 Dec 2011
Posts: 5
|
Posted:
Thu Dec 15, 2011 7:42 am |
|
ipTRACKERonline.com wrote: |
Header Analysis Quick Report<br>Originating IP: 41.155.74.116<br>Originating ISP: Starcomms Limited<br> City: Lagos<br>Country of Origin: Nigeria<br>* For a complete report on this email header goto ipTRACKERonline |
|
|
|
|
|
Ruskes-Jadav
Hello I'm New here!
Joined: 15 Dec 2011
Posts: 5
|
Posted:
Thu Dec 15, 2011 8:03 am |
|
I managed to download multiple .doc and .xlm from the server where the Wells Fargo phishing originated from.
I did not open the files since not sure my virus protection is adequate on this computer.
How do I attach those files to publish here ?
Don't - RC
Well, here is the url:
Redacted - RC
and all the sub folders so you can see for your self |
|
|
|
|
N N N
Master of Master Baiters
Joined: 26 Sep 2008
Posts: 689
|
Posted:
Thu Dec 15, 2011 8:32 am |
|
Ruskes-Jadav wrote: |
I managed to download multiple .doc and .xlm from the server where the Wells Fargo phishing originated from. |
You really ahould not do that. I'd suggest a thorough scan of your computer is in order. |
|
|
|
|
Ruskes-Jadav
Hello I'm New here!
Joined: 15 Dec 2011
Posts: 5
|
Posted:
Thu Dec 15, 2011 8:58 am |
|
|
|
|
Ruskes-Jadav
Hello I'm New here!
Joined: 15 Dec 2011
Posts: 5
|
Posted:
Thu Dec 15, 2011 9:14 am |
|
So I downloaded the documents from the server where the Phishing Wells Fargo site is.
Mostly they are .doc and some .xls
They are all in Russian ;(
Anyway
It looks like those documents are from a Travel Agency ?
Now the question is:
Is the travel agency just a fasade for the scamer,
or did the scamer hack in to the travel agency computer.
The travel agency:
Chinaworld!
|
|
|
|
|
Ruskes-Jadav
Hello I'm New here!
Joined: 15 Dec 2011
Posts: 5
|
Posted:
Thu Dec 15, 2011 9:59 am |
|
Send an email to the businees woner of the Chinaworld.ru
Quote: |
Hello Natalia
I have some urgent information for you:
I got an email from
[email protected]
with a link to your website
Code: |
http://www.hainanworld.ru/doc/dogfiz/wellsfargo-online.php
http://www.hainanworld.ru/doc/dogfiz/
|
It shows a FAKE Wells Fargo (Bank) Log In site.
I suggest you immediately shut that phishing link on your server.
I have informed the authority (Police and internet crime department about this incident).
However, I believe you are just a victim of a hacker.
Since this is a very dangerous link, I will give you 2 hours from the time of this email, before taking more concrete actions against your business |
. |
|
|
|
|
Roycropper
Baiting Guru
Joined: 14 Nov 2005
Posts: 7992
Location: Luxury Coffin
|
Posted:
Thu Dec 15, 2011 10:16 am |
|
This is not 'Surplus Scam Letters', so I have moved it to misc.
As bad as phishers are, don't go threatening possible ITP's, that's not the way to go about it. I disabled a couple of links, if users go clicking on links from here, we show up in their traffic logs.
Maybe our site killers can advise you. |
_________________ the European Union has bounced on our freckles
COULD YOU IMAGINE WHAT HAPPENED WHEN I WENT TO THE BANK
our Agent is Completely broke, pocketless and stranded
I WLL SEND AN AFRICA WITCH TO ATTACH YOU BASTARD
You go die like bird
i started shouting HALLELUJAGOBBLE but none of them notice me immediately police arrested me due to the shouting
f*ck u asshole ur damn mother will loose ur fcuking skull brain ur brain is nothing to compare with rat f*ck ur u
MY FRIEND ALEX WAS DETAINED IN POLICE STATION
I am not happy due to the question i answered at money office. Let me tell you do not play with me ok.
x4 6Yrs x6 |
|
|
|
Ruskes-Jadav
Hello I'm New here!
Joined: 15 Dec 2011
Posts: 5
|
Posted:
Thu Dec 15, 2011 10:45 am |
|
Still learning where is the right place to post in here !!
So, I have to use the "Code" to disable the hot links!
I gave the owner of the website a chance to delete the Phishing content,
but i also reported it to Wells Fargo.
Lots of inocent people will loose lots of money if they give out they Wells Fargo Log In information to those crocks. |
|
|
|
|
|