Beware Of issues with Wells Fargo emails


First of all they really do not know how to do their mx records correctly which make the phishing, key loggers, spyware, malware attacks easier
Today a took a tech call and one of my resellers client (who was a Title Company) needed an email from “Wells Fargo” well they also have a division called prosperitymortgage.com that routes there email through Wells Fargo and claims to be Well Fargo via MX Records. No Wonder folks and companies like myself quarantine Wells Fargo emails..
Below is an example of bad Well Fargo email headers notice the mail headers but this looks like a perfectly good email from Well Fargo

Wells Fargo eMAIL

Date:Wed, 26 Jun 2013 09:09:02 -0700 (PDT)
From: “Wells Fargo Online” Add sender to whitelist
To:
Subject: Your Response Needed Add subject to whitelist
X-Katharion-ID:1372262942.93411.ams1-mh575
Return-Path:
Received:from smtp-12.idc2.mandic.com.br ([177.70.124.66]) by ams1-mh575.smtproutes.com [(5.10.67.89)] with ESMTP via TCP; 26 Jun 2013 16:09:02 +0000
Received: by smtp-12.smtp.mandic.prv (Postfix, from userid 491) id E8EAF800EA7; Wed, 26 Jun 2013 13:08:51 -0300 (BRT)
Received: from User (unknown [74.7.133.226]) by smtp-12.smtp.mandic.prv (Postfix) with ESMTPA id D8D9D800B09; Wed, 26 Jun 2013 13:08:28 -0300 (BRT)
Date: Wed, 26 Jun 2013 12:08:38 -0400
MIME-Version: 1.0
Content-Type: text/html; charset=”Windows-1251″
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
XMandicAuth:a80c7Apwb5eW3iUTMfCulGN028VADIuIhqsjYZqFlAwCZUlqvJfNlk8clyalDDfBFPjQjyylONFlMYjML1uOaw==
Message-Id:<20130626160900.E8EAF800EA7@smtp-12.smtp.mandic.prv>

Message: Your Response Needed
Message Part 1: text/html; charset=”Windows-1251″
Dear Customer,

We have recently determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the login. It is now important to re-confirm your account information to us.

To confirm your Online Banking records click on the following link:
confirm your Online Banking records (This was a bad link)

Thank you for your patience in this matter.
Wells Fargo Online & Co. Security Center
2013 Wells Fargo Online& Co. All Rights Reserved

The point of all this is if you hire great techs that really know what they are doing are worth every dime they charge you to protect you. Some are more expensive than others, Personally for my time I charge $500.00 an hour and I am worth every cent. If clients listen to me and let me mange there security then they do not get billed my clock time.

IF you must use Well Fargo as a Bank (which personally I would drop due to their practice and tech skills)

White list mx1.wellsfargo.com, mx2.wellsfargo.com, mx3.wellsfargo.com which should protect you from Malware issue’s and at least give you a piece of mind
MspPortal Tech Team

Tags: , , , , , , , ,

Comments are closed.

%d bloggers like this: