
Is There Anything Left to Phish? Fake Wells Fargo Credit Card Authorization Notification

I hate phishing. Not only has it cost the world's financial institutions tens of millions in fraud losses, it's just about killed the email channel in terms of getting your customers' attention in a timely fashion, and it's diverted management's attention from much-needed online marketing improvements. That's much worse than the actual fraud losses.

Like most people with widely published email addresses, I get a half-dozen phishing messages every day (note 1). I rarely give them a second look unless they purport to be from my bank. Almost all of them are placed in the junk folder by Outlook, one of the nicer services of Microsoft Office.

Phishers have to be much more creative these days. The time has passed when a few paragraphs of broken English and the bank's logo could net the fraudsters a few extra coins. Now I get fake emails asking me to verify my security settings, authorize account changes, or claim a sweepstakes prize.

[Image: Wells Fargo credit card authorization phish]

For example, today I received a fake credit card authorization request from Wells Fargo (see inset). I'm not sure why it prompted a blog entry. Maybe because I use a Wells card or maybe because I've been talking to mobile banking execs about this very subject. But the fake was good enough to force me to take a closer look. The biggest clue is the wrong format for the USD charge, using a comma instead of a decimal point between the dollars and cents. But otherwise it's pretty good, and may even net a few card numbers before it's taken down.

Analysis
I am optimistic that email can still be effective if financial institutions clearly personalize their messages (see samples here and here). However, gaining customer trust back, especially for security-related messages, is a long-term project. That's why we are telling financial institutions to invest in RSS/XML feeds (Online Banking Report #135/136) and/or mobile banking (Online Banking Report #138/139) in order to reach their customers in a way that is less prone to fraud, at least for now.

Notes:

1. A great online repository of phishing examples is housed at MillerSmiles.co.uk

2. There's a whole book on phishing; click on the cover above to go to Amazon's description of the title.