
Phishing domain takes advantage of Wells Fargo subdomain structure


Domain phishing is one of the primary techniques cybercriminals use to steal personal and financial information.

Posing as legitimate web sites such as banks, phishing emails direct their unsuspecting victims to a portal that resembles that of a major, reputable institution.

To make things more believable, cybercriminals study and often replicate the full URL structure of bank portals.

One such example is Wells Fargo and their payments portal, connect.secure.wellsfargo.com.

Cybercriminals hiding behind a Chinese domain registrar’s WHOIS have registered the domain ConnectSecureWellsFargo.com.

The domain was registered today, according to DomainTools.

The server appears to be using Russian nameservers with IPs in France. Here’s what the fake Wells Fargo portal looks like.


Fake Wells Fargo portal, saved from ConnectSecureWellsFargo.com

Part of the problem is the long subdomain structure used by Wells Fargo, which can be emulated by registering a longer domain that runs the same words together. Ideally, no such long structure should exist.
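A defender-side check for this pattern, as an added example that is not part of the original article: it scans a feed of newly registered domains for any label that glues together the labels of a protected hostname. The watch list, the feed entries other than ConnectSecureWellsFargo.com, and all function names are assumptions; the registrable domain is approximated as the last two labels, where production code would use the Public Suffix List.

```python
# Added example: flag newly registered domains that glue a protected
# hostname's labels into one label (connect.secure.X -> connectsecureX).

# Assumed watch list; the hostname is the one named in the article.
PROTECTED_HOSTS = ["connect.secure.wellsfargo.com"]

# Constructed feed of new registrations (only the first entry is from the article).
SAMPLE_FEED = [
    "ConnectSecureWellsFargo.com",
    "secure-wellsfargo.example",
    "connect.secure.wellsfargo.com",
    "unrelated-shop.example",
]

def _labels(host):
    return host.strip().lower().rstrip(".").split(".")

def registrable(host):
    # Assumption: the registrable domain is the last two labels.
    # Production code should consult the Public Suffix List instead.
    return ".".join(_labels(host)[-2:])

def collapsed_forms(host):
    """Single labels built by joining the subdomain labels and brand label."""
    body = _labels(host)[:-1]           # drop the TLD (assumed to be one label)
    forms = set()
    for start in range(len(body) - 1):  # every suffix that still has >= 2 labels
        for sep in ("", "-"):
            forms.add(sep.join(body[start:]))
    return forms

def find_collapsed_lookalikes(candidates, protected=PROTECTED_HOSTS):
    hits = []
    for cand in candidates:
        name = ".".join(_labels(cand))
        for host in protected:
            owner = registrable(host)
            if name == owner or name.endswith("." + owner):
                continue                # genuinely under the brand's own domain
            matched = sorted(set(_labels(cand)) & collapsed_forms(host))
            if matched:
                hits.append((cand, host, matched[0]))
    return hits

if __name__ == "__main__":
    for cand, host, label in find_collapsed_lookalikes(SAMPLE_FEED):
        print(f"{cand}: label '{label}' collapses {host}")
```

Exact-match checks like this catch only the collapsed-label trick described here; typo and homoglyph variants need separate fuzzy matching.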

If you receive emails asking you to click on a link in order to log into your bank or other account, or to update your information, always type the destination into your browser yourself or open it from your saved bookmarks.


Copyright © 2019 DomainGang.com · All Rights Reserved.
