I went online the other day to pay one of my Credit Card accounts. After I finished entering my username and password I was re-directed to a page that told me my credentials were expired and I needed to re-enter them.
So I was just about to start when I realized I was being asked for a lot of information. I was being asked for my Full Name, Address, Credit Card Number, and Social Security Number. This got me to thinking, why do they want all this Information again? The web page looked like it was an authentic Wells Fargo Banking page and I was just about to start filling it in when I realized something…
When I first created my online account at Wells Fargo they didn’t ask me for a lot of the information I was being asked for now. So, I called Wells Fargo to ask why they needed all this information to reset my password. After being on hold for a few minutes, I hung up.
I suddenly realized that this was an online Phishing trap. So I closed the web page, reopened it and put in my log on credentials again and, Bingo! I was. So I decided a test was in order.
I logged out of Wells Fargo and then reentered my credentials to log back in, but, I deliberately entered the wrong password. I was redirected to exactly the same page as when I started out. A page asking for all my Personally Identifiable information. So now I knew, this was a Phishing exercise.
So what protection do you have against this? Common Sense. Like I did, think about the first time you signed up for web access. What did you have to provide? Did they ask for Social Security number? Before you start entering all this information take a moment to think, what did they need the very first time I signed up? If you do this you will quickly realize that there is NOT a legitimate web site that asks you for your FULL Credit Card Number (they know it), or YOUR full Social Security number, they also know that.
Jon Bowling, President