Tag Archives: Wells Fargo

Phishing And The Pop-up

Speaking to Well Fargo Online’s Wendy Grover this morning, I realised there’s a dimension to the debate about pop-ups that hadn’t occurred to me before: Phishing.

The central argument used by companies such as Wells Fargo in their long-running litigation against the likes of WhenU and Gator (now Claria) is that they confuse the user. These services, they say, hoodwink the user into downloading software that will track their browsing habits and, in the case of WhenU, replace existing ads on a website with their own. Surveys, Wendy Grover says, baffle the end user who didn’t know the software was installed and believe the pop-up ads they do see are from the website itself, not WhenU.

Until lately this was all a little academic. Privacy issues were at the fore. But now that banks and financial institutions are being targeted by sophisticated scammers who create convincing looking emails and websites to fool users into entering their passwords, it no longer seems so. If users are confused about the origin pop-ups on banking websites, then it illustrates their vulnerability to being duped by an entirely fake website. Wells Fargo themselves have been the target of several phishing expeditions.

Customers, we have to acknowledge, do not know exactly what’s going in their browser, and while educating them helps, misleading programs adding third party content don’t.  ”It’s very important that customers know where they are and where they’re entering their information,” says Grover. I’d tend to agree.

Update: Banker’s Revenge

Text
 
 The Citibank virus is now the Wells Fargo virus. This very weird, rather professional looking Trojan which Symantec calls the “Backdoor Berbew” (and I call Banker’s Revenge is becoming more sophisticated.). Here’s the text of the email, several copies of which I received this morning.
 
Dear Sir,
 
Thank you for your online application for a Business Account with Wells Fargo. We appreciate your interest in banking with us.
 
In order to open a Business Account, we must receive specific credit information that is verifiable. Because Wells Fargo has no locations in your state, we are unable to confirm the credit information in your application. Consequently, we regret to say that we cannot open an account for your business at this time.
 
Attached are your Wells Fargo Application and your Social Security File.
 
Sincerely,
 
Sherli Chin
Business Resource Center Services
Wells Fargo Bank
 
(There is at least one person called Sherli Chin out there. She graduated from Patterson High School, California, in 1968.)