![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/Screenshot-12-1024x427.png\")
<\/figure>\n\n\n\nTips for Detection<\/h2>\n\n\n\n- Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts.<\/li>
- The email is not sent from a wells fargo address. Instead it is sent by “from[.]QI6fDOY6sxPqowm[@]AcreVo[.]com”<\/li>
- Hovering over the hyperlinked text reveals that the link “vk[.]cc\/cikV46?FeOvmRGXOY” which brings you to a very convincing wells fargo login page<\/li><\/ul>\n\n\n\n
Where Did the Link Lead?<\/h2>\n\n\n\n
The link led to a a site designed to collect your credentials. Never enter your username\/password on sites you do not recognize.<\/p>\n\n\n\n![\"\"](\"https:\/\/blogs.pugetsound.edu\/infosec\/files\/2022\/11\/image-1024x656.png\")
<\/figure>\n\n\n\nText of Phishing Message<\/h2>\n\n\n\n
From<\/strong>: from[.]QI6fDOY6sxPqowm[@]AcreVo[.]com<\/span>
Subject:<\/strong> You received a new letter<\/p>\n\n\n\nDear Customer: We’re are letting you know we’ve detected an unsual activity on your card
card on 11\/7\/2022 11:32:31 PM EST which may result to the closure of your account and card to ensure safety and continuous use of your card, please Click here To Process
Note: Therefore we have placed a security hold on your online access to provide better security for your protection.
Your security is our 1st priority, Thank you for being a valued client.
Sincerely, Online Banking Team<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nPlease do not reply to this automated email. 2386-148-af0e-76PJamRtTb-a2656bd3_xfaXuYAFuQ_7f41-14c<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"Original Phishing Message NOTE: If you received this message, please delete it and DO NOT click on any links. This message is not legitimate. Tips for Detection Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts. The email is not sent from […]<\/p>\n","protected":false},"author":643,"featured_media":908,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-907","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/643"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=907"}],"version-history":[{"count":3,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/907\/revisions"}],"predecessor-version":[{"id":942,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/907\/revisions\/942"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/908"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Where Did the Link Lead?<\/h2>\n\n\n\n
The link led to a a site designed to collect your credentials. Never enter your username\/password on sites you do not recognize.<\/p>\n\n\n\n From<\/strong>: from[.]QI6fDOY6sxPqowm[@]AcreVo[.]com<\/span> Original Phishing Message NOTE: If you received this message, please delete it and DO NOT click on any links. This message is not legitimate. Tips for Detection Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts. The email is not sent from […]<\/p>\n","protected":false},"author":643,"featured_media":908,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,4],"class_list":["post-907","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-phish-tank","tag-phishing","tag-phishtank"],"_links":{"self":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/users\/643"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/comments?post=907"}],"version-history":[{"count":3,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/907\/revisions"}],"predecessor-version":[{"id":942,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/posts\/907\/revisions\/942"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media\/908"}],"wp:attachment":[{"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/media?parent=907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/categories?post=907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.pugetsound.edu\/infosec\/wp-json\/wp\/v2\/tags?post=907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<\/figure>\n\n\n\nText of Phishing Message<\/h2>\n\n\n\n
Subject:<\/strong> You received a new letter<\/p>\n\n\n\nDear Customer: We’re are letting you know we’ve detected an unsual activity on your card
card on 11\/7\/2022 11:32:31 PM EST which may result to the closure of your account and card to ensure safety and continuous use of your card, please Click here To Process
Note: Therefore we have placed a security hold on your online access to provide better security for your protection.
Your security is our 1st priority, Thank you for being a valued client.
Sincerely, Online Banking Team<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nPlease do not reply to this automated email. 2386-148-af0e-76PJamRtTb-a2656bd3_xfaXuYAFuQ_7f41-14c<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"