by David Jansen
Wed Nov 25, 2009 4:43 pm
It's just a short letter with the only purpose for you to click on the link. In this case with my Fastmail account the url is disabled and replaced with a warning. Also note the sender's email address which is an yahoo account while Wells Fargo has it's own domain with their email addresses ending with @wellsfargo.com.
You have a new message
From:
"Wells Fargo" <[email protected]> [Add]
To:
Date:
Wed, 25 Nov 2009 3:47 PM (5 hours 45 mins ago)
Return-Path: <[email protected]>
Received: from compute2.internal (compute2.internal [10.202.2.42])
by store66m.internal (Cyrus v2.3.15-fmsvn20771-f904b41c) with LMTPA;
Wed, 25 Nov 2009 10:49:30 -0500
X-Sieve: CMU Sieve 2.3
X-Spam-charsets: html='Windows-1251'
X-Resolved-to:
X-Delivered-to:
X-Mail-from: [email protected]
Received: from mx6.messagingengine.com ([10.202.2.205])
by compute2.internal (LMTPProxy); Wed, 25 Nov 2009 10:49:30 -0500
X-Spam-greylist: Passed. Delay was 1183 seconds. Subnet now whitelisted for 24 hours unless spam received
Received: from nlhlaw.com (adsl-072-151-132-066.sip.mco.bellsouth.net [72.151.132.66])
by mx6.messagingengine.com (Postfix) with ESMTP id 9D6D626B
for <>; Wed, 25 Nov 2009 10:49:29 -0500 (EST)
Received: from User ([67.214.90.106]) by nlhlaw.com with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 25 Nov 2009 09:42:29 -0500
Reply-To: [email protected]
From: Wells Fargo<[email protected]>
Subject: You have a new message
Date: Wed, 25 Nov 2009 08:47:52 -0600
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <[email protected]>
X-OriginalArrivalTime: 25 Nov 2009 14:42:29.0453 (UTC) FILETIME=[837A97D0:01CA6DDD]
X-Truedomain-DKIM: None
X-Truedomain: Neutral
You have a new message from Wells Fargo.
For your protection please follow the link below to view this message securely on Wells Fargo site:
FastMail.FM WARNING: URL text and host don't match, possible phishing attempt. URL disabled. Original URL='http://wells4u.4t.com/alert.htm'. Original text='<FONT color=#0000FF><U>https://online.wellsfargo.com/das/newmsg</U></FONT>'. For more information on phishing click here.
Being a victim doesn't mean you stand alone. We're here to help you.