Saturday, February 27, 2016

Fake Locked Bank Accounts

This scam has been running for decades but as more banks go digital and send email notifications and alerts, more customers are falling for these fake emails that look like official bank notifications but they are NOT.

They are an attempt by scammers to get your banking log on credentials so they can steal your money.

Here's a tip - never use your email in any part of your banking log on user name. It's just too easy for scammers to figure out or use software to guess. Remember, scammers are getting more sophisticated so they are gathering all kinds of social data and putting together "guesses" about people's information based on what they've been able to collect across all your social media accounts and activity. Don't make it easy for them.

And I know it's a pain... but get into the habit of changing your banking log in password on some kind of regular basis. Oh - and don't use your birthday date in your password or PIN number. Your email and your birth date are some of the first things scammers try.

Below is a sample scam email that actually had a file attached to it (which highly likely if it is opened would install a virus or more importantly a quiet piece of code on your computer which would monitor your keystrokes and what site you are on and getting your banking log in credential that way) so the age old advice of do not open attachments from emails unless you feel 1000% sure you know what that attachment is. With things like banks, I have recommended when in doubt CALL them first and ask if they really did send that email and attachment. Confirm before you take the risk.

How did I know this was a scam without checking? I don't have an account with Wells Fargo. But lots and lots of people do, so the odds that the scammer is going to email someone who does is quite high. And the odds that some unsuspecting person is going to trust that email and think Wells Fargo actually sent it is also high.

Scammers work by a number odds game.

The headers are all faked in this email and the scammer could care less about if you reply to this email and it goes back to Wells Fargo. They care about you opening that attached file so they can install something malicious on your computer or smartphone. And they also try to trick users into going to a fake page that looks exactly like a Wells Fargo log in page and get the unsuspecting user to enter their log in credential and when they hit the log in button, the scammer now has that user's log in credentials for themselves.

When I checked the full headers of the email, I saw these two lines, which were also indicators this was not a legitimate email:

Received: from ( [])
X-SPF-Check: is not allowed to send mail from

I then googled netvigator spam and got all kinds of results of spam being sent from this domain.

For those who have Wells Fargo accounts and receive emails like this, those are some additional signals to look for.

By the way, Wells Fargo was in no way targeted. Scammers send this very same email out millions of times with every other bank name - trying to catch those who happen to bank at the bank name of the scam email sent to them. 

In this case, they missed their mark because I don't have an account with Wells Fargo.

From: Wells Fargo Bank Alert (
Subject: Wells Fargo Account Access Sign-In Alert
Dear Wells Fargo Customer,
Your access to Online Banking Service has been locked. Due to a miss-match access
code between your Security information..
As part of our security measures, Kindly open and download the attached file and
Follow the instructions on your screen. 
Thank you for helping us to protect you.

© 1999 - 2015 Wells Fargo. All rights reserved. NMLSR ID 399801

No comments:

Post a Comment