cwg Posted October 24, 2012 Share Posted October 24, 2012 Report Phish and Email Scams If you encounter a suspicious email or website that says it's from Wells Fargo, do not respond to it or click any links. What to do Never open attachments, click on links, or respond to emails from suspicious or unknown senders. If you receive a suspicious email that appears to be from Wells Fargo, forward the email to reportphish[at]wellsfargo.com. What is a phish? Phish or fraudulent emails may contain links to phony websites or request you to share personal or financial information by using clever and compelling language, such as an urgent need to update your information or communicate with you to ensure the security of your accounts. www.wellsfargo.com privacy_security fraud report fraud Link to comment Share on other sites More sharing options...
Farelf Posted October 24, 2012 Share Posted October 24, 2012 What IP address were you trying to report? There's something strange with the Wells Fargo servers: C:\Documents and Settings\Admin>nslookup -type=ptr 151.151.16.15 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: 15.16.151.151.in-addr.arpa name = bp11mnsvdc-out.wellsfargo.com But Parsing input: 151.151.16.15 No recent reports, no history available Display data: "whois 151.151.16.15[at]whois.arin.net" (Getting contact from whois.arin.net ) Redirect to ripe Display data: "whois 151.151.16.15[at]whois.ripe.net" (Getting contact from whois.ripe.net) Redirect to whois.afrinic.net: Display data: "whois 151.151.16.15[at]whois.afrinic.net" (Getting contact from whois.afrinic.net) Organisation contact e-mail = bitbucket[at]ripe.net iana1-afrinic = bitbucket[at]ripe.net whois.afrinic.net 151.151.16.15 = bitbucket[at]ripe.net No reporting addresses found for 151.151.16.15, using devnull for tracking. Statistics: 151.151.16.15 not listed in bl.spamcop.net More Information.. 151.151.16.15 not listed in dnsbl.njabl.org ( 127.0.0.8 ) 151.151.16.15 not listed in dnsbl.njabl.org ( 127.0.0.9 ) 151.151.16.15 listed in cbl.abuseat.org ( 127.0.0.2 ) No valid email addresses found, sorry! Yet C:\Documents and Settings\Admin>nslookup -type=ptr 167.138.239.94 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: 94.239.138.167.in-addr.arpa name = mxdinx01e.wellsfargo.com And Parsing input: 167.138.239.94 No recent reports, no history available Routing details for 167.138.239.94 [refresh/show] Cached whois for 167.138.239.94 : domain.names[at]wachovia.com Using abuse net on domain.names[at]wachovia.com abuse net wachovia.com = reportphishing[at]antiphishing.org, phishing-report[at]us-cert.gov, abuse[at]wachovia.com Using best contacts reportphishing[at]antiphishing.org phishing-report[at]us-cert.gov abuse[at]wachovia.com Statistics: 167.138.239.94 not listed in bl.spamcop.net More Information.. 167.138.239.94 not listed in dnsbl.njabl.org ( 127.0.0.8 ) 167.138.239.94 not listed in dnsbl.njabl.org ( 127.0.0.9 ) 167.138.239.94 not listed in cbl.abuseat.org 167.138.239.94 not listed in dnsbl.sorbs.net Reporting addresses: reportphishing[at]antiphishing.org phishing-report[at]us-cert.gov abuse[at]wachovia.com May be "just" a cache/DNS thing? I don't see where the "Redirect to whois.afrinic.net" comes from in the first parse (151.151.16.15) Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted October 24, 2012 Share Posted October 24, 2012 I set SpamCop so that we will send reports to reportphish[at]wellsfargo.com - Don D'Minion - SpamCop Admin - - Service[at]Admin.SpamCop.net - Link to comment Share on other sites More sharing options...
MainID Posted October 24, 2012 Share Posted October 24, 2012 Nice topic post. The phishing emails I receive for the common major banks are being picked up by SpamCop and reports are being sent to them. For the readers of this topic, if in doubt about a site (the main URL) check the website WOT (no I have no connection with them). As myself and other spam, Scam and Phishing reviewers post scam and phishing site warnings there as they are received. This site also picks up listings and reports from the major web sites; PhishTank, SpamCop and blacklists. Link to comment Share on other sites More sharing options...
lisati Posted October 24, 2012 Share Posted October 24, 2012 The thing I've noticed about phishing efforts, on the rare occasion that they arrive in my inbox, is that there's usually something "off" with the email. Being from an organisation you've never done business with is usually fairly obvious, as is asking for details they wouldn't normally ask you for via email. The first phishing attempt I recall seeing, quite a few years ago now, claimed to be from an organization that I have actually done business with and nearly had me fooled for a moment. Three things made me smell a rat: (1) My account with them was long closed, (2) I'd never used their internet services, and (3) the email came from the "wrong" country. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.