Phish of the Day: Wells Fargo

Received a phish from 217.220.34.229 (worf.webintouch.com) on Sat, 16 Apr 2005 20:30:05 +0000. Text is as follows, although I've removed certain links to graphics at the actual wellsfargo.com site so as not to use their images without permission.

Dear Wells Fargo Customer, We are glad to inform you, that our bank is switching to new transactions security standards. The new updated technologies will ensure the security of your payments through our bank. Both software and hardware will be updated. We kindly ask to confirm your card details here: https://online.wellsfargo.com/ If you are not enrolled with Online Banking please Click Here https://online.wellsfargo.com/verify/ We offer you a new convenient and safe high-quality level of service to handle your card. Thank you for your support. Wells Fargo Service Department

The actual link is not to Wells Fargo, of course, but to http://82.79.70.26/ (for the first link), or http://82.79.70.26/verification.php (for the second). According to WHOIS data, that IP address is somewhere in deepest darkest Romania. When I inspected the site, I noted that it was using a fairly old Internet Explorer trick to cover up the address bar with the real Wells Fargo address. In general, I recommend using a browser other than Internet Explorer whenever possible. Firefox is an obvious choice.