Phishing email

Wells Fargo - Phishing Email


Wells Fargo & Company is an American multinational banking and financial services holding company which is headquartered in San Francisco, California, with "hubquarters" throughout the country.

It is the fourth largest bank in the U.S. by assets and the largest bank by market capitalization. Wells Fargo is the second largest bank in deposits, home mortgage servicing, and debit cards.

This email was sent from an Australian IP address, with the envelope-from set to wellsfargo_alert@wellsfargo.com.

As you can see, it looks pretty innocent, but once you click on "Sign in to eBanking", you are redirected to a phishing URL. You can see the difference in the pictures below. The websites look exactly the same, but the one on the right has a phishing URL, and any personal information you enter there will be used for malicious purposes. Cellopoint was able to detect this kind of phishing, but users must still be careful when opening and clicking on suspicious links.

Adobe - Spam Case


This email appears to have been sent by a client and refers to a purchase order. It came from an Italian email address.

Once the victim downloads the attachment and opens the page, the virus displays the following text: "This document is protected by a password, click here to log in and unlock the files."

After clicking on the HERE link, the victim is taken to the following page. Note the domain in the address bar, which is obviously a phishing scam.

Cellopoint strongly recommends not clicking arbitrarily on URL links or downloading attachments from unknown senders. Unless the customer has confirmed the order, the attachment could be a virus that infects your entire server.

American Express - Phishing Sample


The following is a phishing email pretending to be from American Express.

As you can see from the domain, it is clearly a forgery, which is why you should be attentive. On the other hand, it looks like an official email, because the 'Contact Us' link at the bottom does indeed lead to the real American Express website.

That is why we recommend paying closer attention to these messages and asking your bank in person about this kind of email.

Starbucks - spam example


This fake Starbucks spam email uses social engineering tactics. The familiar green background is there to win the customer's trust.

The sender IP (192.65.243.12) is from America.

According to this email, AT&T has sent you a Starbucks Card eGift valued at $20. The email instructs you to click a button to print out your Starbucks Card. It’s said that you can use the card at any participating Starbucks store. The email even includes a 'Card Security Code'.

But when you click on the 'Print Your Gift' link, you probably download malware. Although you can still use the computer, the spammer might open backdoors and install further malware. Your personal data might be stolen, which could cause severe problems.

VISA - spam example


"Phishing" refers to emails that acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a legitimate enterprise or individual. Phishing emails lure cardholders into browsing a fake website and entering their credit card information, such as card number, expiration date, ID number, date of birth, card verification code, passwords, etc.

This phishing email is from Italy.
“Dear User,
as part of our security measures, please verify your account.
VISA invites you to join and help that we update your personal information.
The process is simple:
Click here (the Link)......"

The following screenshot shows the phishing website. The easiest way to spot a fraudulent site is by looking at its URL. The safer way is to log in from the official website: a few extra steps that take less than 5 seconds can save a lot of frustration in the end.

HSBC - spam example


„You have a new e-Message from HSBC.co.uk. This e-mail has been sent to you to inform you that we were unable to process your most recent payment. Please check attached file for more detailed information on this transaction….“

You can tell from the header that the sender IP is from Peru (190.81.193.83). The spammer not only copied the HSBC logo but also cunningly changed the envelope-from to @hsbc.co.uk in order to deceive the receiver.

The following screenshot is the VirusTotal test result for the attachment. Your account information might be stolen if you thoughtlessly open the suspicious attachment. We recommend that you install anti-virus software and update it regularly with new versions from the Internet, which can reduce your risk of identity theft.

iTunes - spam example


The phishing email was sent from United States Santiago. The email states that the receiver’s Apple account is suspended and that the account must be verified or it will be deleted.

The Header:

This type of phishing attack uses social engineering tactics to deceive the user into clicking the “Verify Apple” button. The hyperlink leads to a phishing website disguised as an iTunes page. The spammer aims to steal the Apple ID and personal account, and from there to obtain the credit card numbers stored in iCloud or iTunes.

Phishing website:

Cellopoint reminds you not to visit untrusted websites or follow links provided by unknown or untrusted sources, which can result in severe damage.

Apple - spam example


This is a fraudulent email claiming to come from Apple Inc. The receivers are asked to click the link to validate their Apple ID.

The email looks genuine and the content is almost the same as an Apple notification. The sender address is secure@apple.ssl.co.uk, which makes its authenticity hard to judge. But if you mouse over (but don't click) the link in this email, you will see a pop-up showing the actual URL, appid1.co.uk/mod.php, which is a phishing site imitating Apple.

This phishing email attempts to fraudulently acquire your personal information and Apple ID, and from there your credit card information in iCloud and iTunes. The best prevention is not to click on the link in a suspicious email, but to open a new browser window and type in the address manually.

Alibaba - spam example


The following is a phishing email. With the same logo and colors, the email looks almost like a genuine notification from the Alibaba website. It uses social engineering techniques to deceive the recipients.

The subject line and email body ask the recipients to confirm their email address. All the links in the email are genuine except the “Confirm Email Address” button, which leads to a phishing website. Another way to recognize such emails is that they often start with a general salutation instead of a personalized name. In this case it begins: Dear customer.

We can tell from the header that the email is from medmail.med.ualberta.ca, which is clearly different from a normal Alibaba email.

The spammers sense the opportunity in e-commerce and want to profit from it. We therefore advise you to double-check whenever you have to type in your personal data, which can effectively prevent unnecessary costs in time and money.

PayPal - spam example


This is a phishing email in Italian claiming to be a notification from PayPal. The recipients are asked to renew their account information to continue using the services, and the link actually connects to a phishing website. The user interface of a phishing website usually looks realistic, so the user unwittingly supplies personal data and credit card information.

Note that a real PayPal email will greet you by your first and last name. This email, however, starts with the generic greeting “Gentile Cliente” (= dear client). You can also find the hidden words (shown in the following screenshot) when you highlight the sentence.

We advise you to be wary of links in suspicious emails. Instead of clicking on the link, it is better to log in on the official website and provide your personal information there.