Clever phishing -- be careful!

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills
Locked
McCharley
Posts: 323
Joined: Tue Apr 12, 2011 5:45 pm

Clever phishing -- be careful!

Post by McCharley » Wed Feb 21, 2018 2:12 pm

Someone just posted on Reddit about getting phished on their Wells Fargo account.

He had two factor authentication and was wary; this is what happened:

He got called from someone claiming to be Wells Fargo fraud. They knew his name, account number, and purchase history. They asked him about some recent purchases, which he knew about, but there was one fraudulent one, which he pointed out. So far, this has happened to me, too.

What happened next was they said he'd be texted a number to verify his identity. Sure enough, a number got texted and he told the operator the number. This happened a couple of times.

Then he hung up and whammo -- all these messages come through from Wells Fargo saying that he has updated his account information and transferred $1000! :shock: The call was all just a scam to get his two-factor numbers.

To add insult to injury it took him two hours to get through to Wells Fargo fraud. :annoyed They told him this has been happening a lot and he has to go to a local branch in person with two forms of identification to get his account back.

Be careful out there, Boglers! :beer

barnaclebob
Posts: 3072
Joined: Thu Aug 09, 2012 10:54 am

Re: Clever phishing -- be careful!

Post by barnaclebob » Wed Feb 21, 2018 2:18 pm

I think they used some clever social engineering to get to the account in a specific method. They first asked him to verify a texted number which I think then gave them access to the account so they could read off the real purchases then make up a fake one.

The red flag is that they called him and then asked him for security codes accessed on the same device which doesn't make sense when you think about it.

User avatar
Pajamas
Posts: 6015
Joined: Sun Jun 03, 2012 6:32 pm

Re: Clever phishing -- be careful!

Post by Pajamas » Wed Feb 21, 2018 2:20 pm

I don't think I've ever had anyone call me from a financial organization unexpectedly. In a situation like that, always ask if you can call them back on a known number for that organization. It's not 100% sure to prevent problems, especially if someone inside the organization were a scammer as at Wells Fargo, but would at least act as a general safeguard against this kind of theft.

Same is true for any type of unsolicited call from any business or organization. Anyone legitimate would have no problem with you calling them back.

User avatar
DaftInvestor
Posts: 4080
Joined: Wed Feb 19, 2014 10:11 am

Re: Clever phishing -- be careful!

Post by DaftInvestor » Wed Feb 21, 2018 2:25 pm

McCharley wrote:
Wed Feb 21, 2018 2:12 pm
They knew his name, account number, and purchase history.
So they were already hacked into his account? I wonder if he had a weak password or if Wells Fargo themselves got hacked or if he already clicking on a phishing website and gave away his credentials (latter is most likely).
McCharley wrote:
Wed Feb 21, 2018 2:12 pm
What happened next was they said he'd be texted a number to verify his identity. Sure enough, a number got texted and he told the operator the number.
Second mistake by the whomever told this story on Reddit. I wonder if he gave them his SS# and other information as well.
Last edited by DaftInvestor on Wed Feb 21, 2018 2:32 pm, edited 1 time in total.

Ruger
Posts: 246
Joined: Fri Jun 09, 2017 9:44 pm

Re: Clever phishing -- be careful!

Post by Ruger » Wed Feb 21, 2018 2:26 pm

A couple of weeks ago I got an email supposedly from Wells Fargo claiming that there was fraudulent activity on my account and I needed to follow a link to verify my identity and reset my password, etc. Obviously it was a fraud, but especially so since I don't have any accounts at WF. Obviously they were sending out massive emails to known addresses, hoping some would find themselves to WF account holders.

User avatar
MP123
Posts: 795
Joined: Thu Feb 16, 2017 3:32 pm

Re: Clever phishing -- be careful!

Post by MP123 » Wed Feb 21, 2018 2:30 pm

So the attacker had access to the account (with the password) and then tricked the victim into giving them the 2FA codes to complete the transfers?

How did they get the password? They must have had it to know about the verifying transactions and to get the victims 2FA phone number.

User avatar
Pajamas
Posts: 6015
Joined: Sun Jun 03, 2012 6:32 pm

Re: Clever phishing -- be careful!

Post by Pajamas » Wed Feb 21, 2018 2:31 pm

Ruger wrote:
Wed Feb 21, 2018 2:26 pm
A couple of weeks ago I got an email supposedly from Wells Fargo claiming that there was fraudulent activity on my account and I needed to follow a link to verify my identity and reset my password, etc. Obviously it was a fraud, but especially so since I don't have any accounts at WF. Obviously they were sending out massive emails to known addresses, hoping some would find themselves to WF account holders.
Did that email not go into spam? If not, then consider changing your email provider.

User avatar
DaftInvestor
Posts: 4080
Joined: Wed Feb 19, 2014 10:11 am

Re: Clever phishing -- be careful!

Post by DaftInvestor » Wed Feb 21, 2018 2:31 pm

Ruger wrote:
Wed Feb 21, 2018 2:26 pm
A couple of weeks ago I got an email supposedly from Wells Fargo claiming that there was fraudulent activity on my account and I needed to follow a link to verify my identity and reset my password, etc. Obviously it was a fraud, but especially so since I don't have any accounts at WF. Obviously they were sending out massive emails to known addresses, hoping some would find themselves to WF account holders.
This could be how the phisher got the Reddit-posters credentials to get started.
Mistake #1: Visiting a phishing site and entering your credentials.
Mistake #2: Giving away your 2nd authentication factor haphazardly over the phone.

While I appreciate the OP attempting to warn us - I hope that most Bogleheads are smarter than the Reddit story....

HoosierJim
Posts: 455
Joined: Wed Mar 24, 2010 7:11 pm

Re: Clever phishing -- be careful!

Post by HoosierJim » Wed Feb 21, 2018 2:33 pm

Moving to this where I can. Yubico

Image

miamivice
Posts: 961
Joined: Tue Jun 11, 2013 11:46 am

Re: Clever phishing -- be careful!

Post by miamivice » Wed Feb 21, 2018 2:35 pm

The story from Reddit isn't very plausible.

I'm not sure how a scammer would get the purchase history, account information, etc, from someone unless they had already hacked the account. Also, the digits from 2 factor authentication don't do any good unless you already know the person's username and password.

Finally, most online bank accounts don't provide easy methods of transferring money out. Not sure about Wells Fargo today but last time I had a Wells Fargo account it wasn't easy to transfer money out of your account online.

furwut
Posts: 1345
Joined: Tue Jun 05, 2012 8:54 pm

Re: Clever phishing -- be careful!

Post by furwut » Wed Feb 21, 2018 2:35 pm

The Reddit posting is here: https://www.reddit.com/r/personalfinanc ... h=58010271

Two takeaways
1) Do not use an email address as your Username if it can be avoided. Treat it as securely as your password. Assuming that if the poster had done that then the phiser likely could not have begun to access the account to reset the password.

2) When contacted by an institution about a “matter” ask them to note it in your file, hang up and call back using the official number.

McCharley
Posts: 323
Joined: Tue Apr 12, 2011 5:45 pm

Re: Clever phishing -- be careful!

Post by McCharley » Wed Feb 21, 2018 2:37 pm

I have had calls about potential fraudulent activity when I have made out-of-character purchases -- like when I bought a wedding ring. :moneybag

It makes no sense to "verify" the same device you've called, obviously. That should have been a red flag.

Hanging up and calling the number on the back of the card is a good idea, but if WF has a two hour wait time to talk to someone I'm not sure I'd have the patience. :annoyed

Ruger
Posts: 246
Joined: Fri Jun 09, 2017 9:44 pm

Re: Clever phishing -- be careful!

Post by Ruger » Wed Feb 21, 2018 2:37 pm

Pajamas wrote:
Wed Feb 21, 2018 2:31 pm
Ruger wrote:
Wed Feb 21, 2018 2:26 pm
A couple of weeks ago I got an email supposedly from Wells Fargo claiming that there was fraudulent activity on my account and I needed to follow a link to verify my identity and reset my password, etc. Obviously it was a fraud, but especially so since I don't have any accounts at WF. Obviously they were sending out massive emails to known addresses, hoping some would find themselves to WF account holders.
Did that email not go into spam? If not, then consider changing your email provider.
I don't remember. I occasionally check my spam for emails that end up in there by mistake.

furwut
Posts: 1345
Joined: Tue Jun 05, 2012 8:54 pm

Re: Clever phishing -- be careful!

Post by furwut » Wed Feb 21, 2018 2:39 pm

miamivice wrote:
Wed Feb 21, 2018 2:35 pm
The story from Reddit isn't very plausible.

Read the full account at the link I posted. The phiser got access to the account by resetting the password with the “help” of the unwitting victim providing the confirmation texts. Once in they can easily lookup transaction history to further the subterfuge.

furwut
Posts: 1345
Joined: Tue Jun 05, 2012 8:54 pm

Re: Clever phishing -- be careful!

Post by furwut » Wed Feb 21, 2018 2:41 pm

Ruger wrote:
Wed Feb 21, 2018 2:37 pm
Pajamas wrote:
Wed Feb 21, 2018 2:31 pm
Ruger wrote:
Wed Feb 21, 2018 2:26 pm
A couple of weeks ago I got an email supposedly from Wells Fargo claiming that there was fraudulent activity on my account and I needed to follow a link to verify my identity and reset my password, etc. Obviously it was a fraud, but especially so since I don't have any accounts at WF. Obviously they were sending out massive emails to known addresses, hoping some would find themselves to WF account holders.
Did that email not go into spam? If not, then consider changing your email provider.
I don't remember. I occasionally check my spam for emails that end up in there by mistake.
I too occcasionally get such emails for institutions at which I don’t bank at. It’s often one of the big 3 - Chase, BoA or WF. I imagine you’d get a pretty good hit rate with just those three.

miamivice
Posts: 961
Joined: Tue Jun 11, 2013 11:46 am

Re: Clever phishing -- be careful!

Post by miamivice » Wed Feb 21, 2018 2:45 pm

furwut wrote:
Wed Feb 21, 2018 2:39 pm
miamivice wrote:
Wed Feb 21, 2018 2:35 pm
The story from Reddit isn't very plausible.

Read the full account at the link I posted. The phiser got access to the account by resetting the password with the “help” of the unwitting victim providing the confirmation texts. Once in they can easily lookup transaction history to further the subterfuge.
I just finished the Reddit article. If you read it, things happened in a different sequence than was posted at the top of this thread.

What was posted at the top of this thread isn't very plausible. The Reddit version is more plausible though.

My comments apply only to what was posted here.

User avatar
MP123
Posts: 795
Joined: Thu Feb 16, 2017 3:32 pm

Re: Clever phishing -- be careful!

Post by MP123 » Wed Feb 21, 2018 2:46 pm

furwut wrote:
Wed Feb 21, 2018 2:39 pm
miamivice wrote:
Wed Feb 21, 2018 2:35 pm
The story from Reddit isn't very plausible.

Read the full account at the link I posted. The phiser got access to the account by resetting the password with the “help” of the unwitting victim providing the confirmation texts. Once in they can easily lookup transaction history to further the subterfuge.
I like the "I was two drinks in" at the bar part... :beer

User avatar
Pajamas
Posts: 6015
Joined: Sun Jun 03, 2012 6:32 pm

Re: Clever phishing -- be careful!

Post by Pajamas » Wed Feb 21, 2018 2:48 pm

MP123 wrote:
Wed Feb 21, 2018 2:46 pm

I like the "I was two drinks in" at the bar part... :beer
Many good & bad things both in my life started with a couple of drinks at a bar. . . . :beer

Da5id
Posts: 2061
Joined: Fri Feb 26, 2016 8:20 am

Re: Clever phishing -- be careful!

Post by Da5id » Wed Feb 21, 2018 2:48 pm

Phishing has pretty much destroyed the usefulness of communications from folks you do business with.

Most is kind of obvious, hover over links and see them pointing to a domain in Russia rather than Wells Fargo or Facebook. See oddly worded (not by native English speaker) content. But even if something looks 100% legit I always assume it is fake. If it looks plausible, I log in using the normal pathway (not clicking a link) into the account in question and see what is up. Or call them if that seems like the right path. Sad it makes legit communications from companies rather less useful than they might otherwise be, but that is the world we live in.

annielouise
Posts: 352
Joined: Wed May 14, 2008 4:11 pm

Re: Clever phishing -- be careful!

Post by annielouise » Wed Feb 21, 2018 2:50 pm

I've had a few times when financial institutions call me and then ask me to prove who I am (Vanguard has done so). I refuse, then call them. In every instance, the original call was legitimate.

HIinvestor
Posts: 1716
Joined: Tue Apr 08, 2014 3:23 am

Re: Clever phishing -- be careful!

Post by HIinvestor » Wed Feb 21, 2018 2:58 pm

I always call back my institutions with the phone number printed on my CC or statement. I try not to take chances with all the pfishing going on. I limit most of our CC purchases to one CC and check that regularly.

User avatar
prudent
Moderator
Posts: 5771
Joined: Fri May 20, 2011 2:50 pm

Re: Clever phishing -- be careful!

Post by prudent » Wed Feb 21, 2018 3:07 pm

This thread has run its course and is locked (scam). This is a site owner decision to reduce the amount of scam threads. See: Standard Phishing/Scam Threads are now Off-Topic
Alex Frakt wrote:
Tue Oct 21, 2014 9:37 pm
dolphinsaremammals wrote:Do we really need every phishing email posted in bogleheads with a warning?
No we don't. Unless they are of some particular relevance to our members (or possibly if it's of general relevance and requires users to take actions beyond normal safe internet practices), I'm going to start removing or locking scam/spam/phishing threads as non-actionable.

Locked