An
Email with the Subject "Wells Fargo Account Owner Urgent Verification" was
received in one of Scamdex's honeypot email accounts on Mon, 19 Nov 2012 04:11:41 -0800
and has been classified as a Generic Scam Email.
The sender shows as Wells Fargo Online Banking <securityupdate@wellsfargo.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => paypal@o7e.net
[delivery-date:] => Mon, 19 Nov 2012 04:11:41 -0800
[received:] => Array
(
[0] => from swahosting.webserversystems.com ([174.122.182.210]:43984)by lester.newsblaze.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)(Exim 4.80)(envelope-from )id 1TaQCT-0000ef-AWfor paypal@o7e.net; Mon, 19 Nov 2012 04:11:41 -0800
[1] => from oikiesag by swahosting.webserversystems.com with local (Exim 4.80)(envelope-from )id 1TaQCS-0008wT-Clfor paypal@o7e.net; Mon, 19 Nov 2012 06:11:40 -0600
)
[to:] => paypal@o7e.net
[subject:] => Wells Fargo Account Owner Urgent Verification
[x-php-script:] => www.oikiesagistro.gr/images/stories/ISMAILO PHP.php for 174.140.166.248
[from:] => Wells Fargo Online Banking
[reply-to:] =>
[mime-version:] => 1.0
[content-type:] => text/html
[content-transfer-encoding:] => 8bit
[message-id:] =>
[date:] => Mon, 19 Nov 2012 06:11:40 -0600
[x-antiabuse:] => Array
(
[0] => This header was added to track abuse, please include it with any abuse report
[1] => Primary Hostname - swahosting.webserversystems.com
[2] => Original Domain - o7e.net
[3] => Originator/Caller UID/GID - [569 32007] / [47 12]
[4] => Sender Address Domain - swahosting.webserversystems.com
)
[x-source:] => /usr/bin/php
[x-source-args:] => /usr/bin/php /home/oikiesag/public_html/images/stories/ISMAILO PHP.php
[x-source-dir:] => oikiesagistro.gr:/public_html/images/stories
[x-spam-status:] => No, score=2.8
[x-spam-score:] => 28
[x-spam-bar:] => ++
[x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: This is an Alert to help manage your online banking access. Dear Wells Fargo Online customer, Wells Fargo Online Banking has been receiving complaints from our customers for unauthorised uses of Wells Fargo Online Banking accounts. As a result we are temporarily shutting down some selected Wells Fargo Online Banking Accounts perceived vulnerable to this, pending till the time we carry out proper verification by the account owner. Wells Fargo is committed to ensure the safeguard of each customer personal information, making sure only authorised individuals have access to their accounts. [...] Content analysis details: (2.8 points, 4.0 required) pts rule name description---- ---------------------- ---------------------------------------------------0.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 1.2 TVD_PH_BODY_META_ALL TVD_PH_BODY_META_ALL
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
This is an Alert to help manage
your online banking access.
Dear
Wells Fargo Online customer,
Wells Fargo Online Banking has been receiving complaints from our customers for unauthorised uses of Wells Fargo Online Banking accounts. As a result we are temporarily shutting down some selected Wells Fargo Online Banking Accounts perceived vulnerable to this, pending till the time we carry out proper verification by the account owner. Wells Fargo is committed to ensure the safeguard of each customer personal information, making sure only authorised individuals have access to their accounts.
As a first step to have Your Wells Fargo Online Banking Access reactivated please verify your identity by using the link provided below:
These instructions are sent to and should be followed by all Wells Fargo Online Banking
clients,to avoid service deactivation after the verification is completed.
We apologise for any inconveniences and thank you for your cooperation.
Ashley Machin,
Digital Banking Director
Thank
you,
Customers
Support Service.
