LOL. The bottom links are pretty funny. My guess is they were embedded by whatever free domain company the hacker used to set up the page.

"if there are links on the bottom of your bank's website page for online casinos, drug rehab, and no deposit bingo, it's not your bank's website."

How else do you expect them to repay the TARP money?

I wonder what happens when you click on the "Learn how to protect yourself against fraud and identity theft" link.

You'd think since they are referring to wells fargo's website that their technical people would be on to the phishing sites address?

@alternatestory: You get to play "No Deposit Bingo"?

My favorite part is they didn't take the time to rip the flash content. The huge ad rollovers are a dead give away.

@alternatestory: Ha! I was just thinking about that. You probably have to enter in all of your personal information, name, ss#, date of birth, mother's maiden, etc to "verify" that your account is currently safe. I came very close to falling for a phising email I received while studying abroad in Europe. The email was sent to notify me about irregular activity and transactions in my bank account and told me that I needed to verify my account information or my account access would be cut of by xx/xx/xxxx date. Having been denied at an ATM the day before, I was already in panic mode because it was the weekend and couldn't get cash out while on a weekend trip to Spain. Lucky enough for me I was wise enough to realize most banks will not ask for all of your personal information and entire financial history to "verify" your account information.

I've been getting emails from "Wells Fargo" for a couple years. I'm not even their customer. The emails themselves look pretty convincing.

@lilspooky: Do you mean to say that the real Wells Fargo site doesn't have ads for online gambling and drug rehab?

Funny, Firefox let me go right to the page but IE stopped me dead in my tracks. Microsoft is actually ahead of the curve? Must be a rip in the space/time continuum.

The owner of the site is using formbuddy.com to store form posted data (probably the free version). I just filed an abuse report with formbuddy. From the html you can see that his formbuddy username is jwhite009.

It's because T35 is a host and they provide free space that is what it is blahblah.t35.com.

That is T35's way of making money. I sent them an email letting them know about it at abuse@t35.net.

One time I received an email from Wells Fargo, with a weird URL (apparently for tracking purposes), offering me $5 to sign into my account (Who does that? $5 because you "missed me"?). It used my real name, $5 was too low to raise any Nigerian 419 flags, so I blithely complied like a sucka.

It was indeed legit (at least I got the $5 6-8 weeks later as promised in the terms and conditions and the IPs and all that were clean), but someone deserves to be fired for sending out an email that had all the traits of a phishing email.

You're not supposed to aid in the confusion, Wells Fargo.

@khisel:

Firefox blocked me. Probably got reported to them later.

@midwestkel: Looking into more I saw that the form he is using is from FormBuddy.com (I contacted them) and that his user is "jwhite009."

I searched it on Google and didn't really find anything except this: [www.itworld.com]

Heh heh... Freddie Got Fingered...

@khisel: Firefox and Chrome let me access it as well. I thought Google was better at protecting us from ourselves than that.

@khisel: It probably depends on your browser settings. On a clean install of Firefox, it blocks it, but if you've already adjusted your settings to stop giving you those messages, it lets you go through.

I never click on a link that a bank or credit card sends me. If I'm interested in whatever it is their offering, I call them up to verify.

Good luck dealing with Wells Fargo. It took me a week just to close my checking account with them last year. The first 3-4 people you talk to won't even know what "phishing" is and will hang up on you if you take more than 30 seconds explaining it to them.

Well shit, I am that "friend" I work with computers all day, and I'm on the net 18 hours a day, and every time I would get a phishing I would notice right away, before I clicked on the link, I looked at the link address (mouse over) and I made sure that it was wellsfargo.com till after I found out that was also fake, LOL?

Two things that made me believe it was wellsfargo.com?

1) New account
2) I had just activated the ATM card not at a wells fargo atm, it was a Target store, weird.

Oh well, was on the phone with them for like 30 minutes, and all those questions felt more like a survey, so I'm kind of upset that it took that long for them to fix an error on my part, I guess we can use this for part 2?

Part 3? tomorrow I'm closing my account, I ain't letting no fuckin hacker take all of my $28.89 :o

@Michael Belisle: Yeah. My credit union has twice sent me warnings addressed to the wrong first name, looking like it was written by a six-year-old, including clickable links. As you say, not helpful.

@alternatestory: I'm sure you learn how to do just that, the hard way.

Last Friday someone apparently tried to buy some airline tickets using my debit card number ($1500). I got an email from the Bank Of America fraud dept and they had a link for me to log into my account and verify some transactions. I was weary at first but then I received a phone call with the same information and a text message. Thank you BOA!! They don't f#$k around when it comes to someone using your card!!

@alternatestory: With the exception of the ads, the links all take you to the expected page on Wells Fargo's actual site. Boring, I know.

@SnoopyFish:

Or you, for that matter. I left them when the assholes shut off my debit card as I was moving across the country. They didn't even bother to call me; just shut off my card because my using it in different states seemes suspicious to them. Fuck B of A.

@pepelicious: Don't bother with "phishing". Talk about "identity theft" and ask to be connected to their security and fraud department.

@malofx: Suggestion for security conscious consumers: Don't click on the email link even if it looks legit. Click on your bookmark link for the real website or Google it if you don't have it bookmarked. Is it worth risking your account information to earn that "earn 2,000 bonus points" reward for clicking a special link in an email that probably is, but may not be, legitimate?

Think of the "opportunities" you lose by ignoring email marketing pitches as insurance premium paymentss for your peace of mind.

I think it's very irresponsible for Chris to even provide a link to such sites.
it might be a phishing site now, in 5minutes it can start hosting an infected page that can affect large number of consumerist visitors.
additionally you are increasing that page's search engine ranking.
providing a screenshot should be sufficient.
instead of posting urls to a phishing site here, you should submit it to [www.phishtank.com]

PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.

@Mxx: Considering the site has already been reported (and is being blocked in modern browsers) and like a responsible ISP, the company hosting the site has removed it and taken proper action... you're a little late.

There is a standard rule of, "Never click on a link in an email." Log in through your normal PASSWORD PROTECTED procedure. Again, NEVER CLICK ON A LINK IN AN EMAIL to go to a web sight that has your personal information on it.

Oh ho the Wells Fargo Wagon is a-comin' down the street, oh please let it be for me!
It could be curtains!
Or Dishes!
Or a double boiler!

my high end security appliance detected spyware on that website. DO NOT CLICK IT. Either it's always had it, or the sleezy site owners discovered Consumerist's traffic and put the Adware up. DO NOT CLICK IT.

@floraposte: I got an e-mail from a local bank where the sender was just an employee's name. It didn't help that the employee's name is a common name spelled oddly. It was a legit e-mail but I wouldn't know that from reading who the Sender was. "Bank" e-mails should be sent from "Bank" not "Dan Tomaus".

@tbax929: I had a co-worker who complained that BoA shut her card down every semester because she bought her school stuff with it. Apparently buying expensive textbooks looks suspicious.

@veg-o-matic: ...what?

Is this a reference to an ad?

I get phony emails all the time claiming they're from Bank of America. And I am a BoA customer so I wonder if someone hacked into their system to get my name and email addy.

@midwestkel: I got emails back from the hosting company and the place where the form was created, both account have been deleted.

@Rectilinear Propagation: Are you unfamiliar with the wonderful greatness of the Music Man??!? And the Wells Fargo Wagon??!? (film version unvailable.. sad.)

We had to watch this and Oklahoma repeatedly in my elementary school music classes.. kinda embedded in my brains now.

I had an issue like this Citibank a few months ago (not the scamming, just online info). I received a new card, and couldn't log on my online banking. When I tried to re-activate, they wanted EVERYTHING: My account number, pin AND online passcode. I was skeptical so I called the bank and they assured me that this was their regular procedure. I actually had them take me step by step to re-active my online account. I dunno. I sometimes think that I should stay away from anything online eventhough it makes my life easier.

@Andi Lee: it's not too late to avoid the mistake the next time it could happen with much worse consequences.

Maybe 20 years of "Cool Hand Luke" hard time prison would be a deterrent to these crooks. The old "slap on the wrist" does nothing to stop them.

If someone got my info they would be an instant hundredaire!

Too bad the site is bawwwleted.

@ohsoxx: Samey for me and BofA. I've been getting emails since 2002 warning that my "account" there is compromised, so I just never get one.

Why would you link to their site? You're just giving them Ad revenue!