A number of Scamicide readers have sent me copies of phishing emails that appear to come from Wells Fargo. One of them is reproduced below. It makes for compelling reading, but it is a scam. Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur. Copied below is a new phishing email presently being sent to unsuspecting people that appears to come from Wells Fargo. This particular one comes with a Wells Fargo logo, but was sent from an email account that had no relation to Wells Fargo which is a clear indication that this is a scam. Most likely the email address from which it was sent was from an email account of an innocent person whose email accounts was hacked and made a part of a botnet used to send out phishing emails. I have disarmed the link which was found where the email indicates “sign on to your account at wellsfargo.com” and at the bottom of the email . If you had hovered your mouse over the link when it was active you would have seen that the link was from an address unrelated to Wells Fargo.
Here is a copy of the phishing email.
From: “Wells Fargo” <email@example.com>
Please validate your email address now
For your security, we need you to validate your email address to view your accounts and complete your security update in Wells Fargo Online. You have 1 day(s) to validate your email address or your online account access will be canceled.
How to validate your email address:
Simply sign on to your account at wellsfargo.com and follow the instructions to enter your 6 digit validation code. Entering the code below will validate this email address.
Validation Code: 378532
If you have any questions, we’re available at 1-800-886-4442, 24 hours a day, 7 days a week.
Legitimate emails from your bank would include the last four digits of your account and include your name. This email had neither. Obviously, if you are not a Wells Fargo customer, you will recognize immediately that this is a scam. As with most phishing emails, this one attempts to lure you into clicking on the link by threatening you with loss of access to your account if you do not provide the requested information.
As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft. If you receive an email like this and think it may possibly be legitimate, merely call your bank or other institution from which the email purports to originate at a telephone number that you know is accurate and you will be able to confirm that it is a scam.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”