> Indeed, even that very email she was sent contained a reminder not to tell it to someone on the phone.
Yes, as regular unformatted text and tucked away at the end of the very last paragraph that starts with standard boilerplate:
"If you did not request this code, or if you have questions, please call us at the toll-free number on the back of your card. Wells Fargo will not contact you by phone or text to request this code."
Worse yet, the second paragraph starts with "Important:". That implicitly signals that the most important part of the email is what follows. However, that's obviously not the case.
The email is absolutely horrible security-wise, it downplays the most important security bit while overplaying everything else.
I happened to read through the entire email while reading the story and spotted the text at the end, but I'm not that confident I would be as diligent in a real life situation, especially if I was tired, like the OP was.
Just about every regular person would easily fall for this.
Yes, as regular unformatted text and tucked away at the end of the very last paragraph that starts with standard boilerplate:
"If you did not request this code, or if you have questions, please call us at the toll-free number on the back of your card. Wells Fargo will not contact you by phone or text to request this code."
Worse yet, the second paragraph starts with "Important:". That implicitly signals that the most important part of the email is what follows. However, that's obviously not the case.
The email is absolutely horrible security-wise, it downplays the most important security bit while overplaying everything else.
I happened to read through the entire email while reading the story and spotted the text at the end, but I'm not that confident I would be as diligent in a real life situation, especially if I was tired, like the OP was.
Just about every regular person would easily fall for this.