[Resolved] FOUL! /dev/null'ing report for reportphish#wellsfargo.com[at]devnull.spamcop.net

[cwg]

Report Phish and Email Scams

If you encounter a suspicious email or website that says it's from Wells Fargo, do not respond to it or click any links.

What to do

Never open attachments, click on links, or respond to emails from suspicious or unknown senders. If you receive a suspicious email that appears to be from Wells Fargo, forward the email to reportphish[at]wellsfargo.com.

What is a phish?

Phish or fraudulent emails may contain links to phony websites or request you to share personal or financial information by using clever and compelling language, such as an urgent need to update your information or communicate with you to ensure the security of your accounts.

www.wellsfargo.com privacy_security fraud report fraud

[Farelf]

What IP address were you trying to report? There's something strange with the Wells Fargo servers:

C:\Documents and Settings\Admin>nslookup -type=ptr 151.151.16.15 8.8.8.8

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

15.16.151.151.in-addr.arpa name = bp11mnsvdc-out.wellsfargo.com

But

Parsing input: 151.151.16.15

No recent reports, no history available

Display data:

"whois 151.151.16.15[at]whois.arin.net" (Getting contact from whois.arin.net )

Redirect to ripe

Display data:

"whois 151.151.16.15[at]whois.ripe.net" (Getting contact from whois.ripe.net)

Redirect to whois.afrinic.net:

Display data:

"whois 151.151.16.15[at]whois.afrinic.net" (Getting contact from whois.afrinic.net)

Organisation contact e-mail = bitbucket[at]ripe.net

iana1-afrinic = bitbucket[at]ripe.net

whois.afrinic.net 151.151.16.15 = bitbucket[at]ripe.net

No reporting addresses found for 151.151.16.15, using devnull for tracking.

Statistics:

151.151.16.15 not listed in bl.spamcop.net

More Information..

151.151.16.15 not listed in dnsbl.njabl.org ( 127.0.0.8 )

151.151.16.15 not listed in dnsbl.njabl.org ( 127.0.0.9 )

151.151.16.15 listed in cbl.abuseat.org ( 127.0.0.2 )

No valid email addresses found, sorry!

Yet

C:\Documents and Settings\Admin>nslookup -type=ptr 167.138.239.94 8.8.8.8

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

94.239.138.167.in-addr.arpa name = mxdinx01e.wellsfargo.com

And

Parsing input: 167.138.239.94

No recent reports, no history available

Routing details for 167.138.239.94

[refresh/show] Cached whois for 167.138.239.94 : domain.names[at]wachovia.com

Using abuse net on domain.names[at]wachovia.com

abuse net wachovia.com = reportphishing[at]antiphishing.org, phishing-report[at]us-cert.gov, abuse[at]wachovia.com

Using best contacts reportphishing[at]antiphishing.org phishing-report[at]us-cert.gov abuse[at]wachovia.com

Statistics:

167.138.239.94 not listed in bl.spamcop.net

More Information..

167.138.239.94 not listed in dnsbl.njabl.org ( 127.0.0.8 )

167.138.239.94 not listed in dnsbl.njabl.org ( 127.0.0.9 )

167.138.239.94 not listed in cbl.abuseat.org

167.138.239.94 not listed in dnsbl.sorbs.net

Reporting addresses:

reportphishing[at]antiphishing.org

phishing-report[at]us-cert.gov

abuse[at]wachovia.com

May be "just" a cache/DNS thing? I don't see where the "Redirect to whois.afrinic.net" comes from in the first parse (151.151.16.15)

[SpamCopAdmin]

I set SpamCop so that we will send reports to reportphish[at]wellsfargo.com

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

[MainID]

Nice topic post.

The phishing emails I receive for the common major banks are being picked up by SpamCop and reports are being sent to them.

For the readers of this topic, if in doubt about a site (the main URL) check the website WOT (no I have no connection with them).

As myself and other spam, Scam and Phishing reviewers post scam and phishing site warnings there as they are received. This site also picks up listings and reports from the major web sites; PhishTank, SpamCop and blacklists.

[lisati]

The thing I've noticed about phishing efforts, on the rare occasion that they arrive in my inbox, is that there's usually something "off" with the email. Being from an organisation you've never done business with is usually fairly obvious, as is asking for details they wouldn't normally ask you for via email.

The first phishing attempt I recall seeing, quite a few years ago now, claimed to be from an organization that I have actually done business with and nearly had me fooled for a moment. Three things made me smell a rat: (1) My account with them was long closed, (2) I'd never used their internet services, and (3) the email came from the "wrong" country.