Phishing attacks target unsuspecting Wells Fargo customers
Over 15,000 Wells Fargo customers targeted in .ics phishing campaign
Wells Fargo Customers were targets of three phishing attacks this month.
In the most recent phishing campaign, threat actors impersonated Wells Fargo, leading its customers to phishing pages using fake calendar invites via .ics calendar file attachments. Threat actors were then able to trick unsuspecting customers into entering sensitive information and credentials.
Researchers at Abnormal Security discovered the Wells Fargo phishing campaign customers earlier this month. To date, the campaign has targeted over 15,000 customers using .ics calendar file attachments designed to direct them to phishing pages.
“This attack impersonates a Wells Fargo Security Team member, stating that the user has been sent a new security key to protect their account, per Abnormal Security. “The body of the message urges the user to open the attachment and follow the instructions, or risk having their account suspended.”
Once a user has opened the .ics attachment, a link to a Sharepoint page directs them to click another link to secure their Wells Fargo account. This link leads to a fake Wells Fargo page that asks unsuspecting users to enter sensitive information, including their username, password, PIN and account numbers. Credentials and information submitted through the phishing page are then sent directly to the attacker.
Unfortunately, this attack wasn’t the only one that targeted Wells Fargo customers this month. Researchers at Juniper Threat Labs have been busy monitoring a new IcedID banking Trojan campaign. This campaign has used keywords like “COVID-19” and “FMLA” in email sender names and attachment names. Once it tricked an unsuspecting user into opening the email and downloading its attachment, it would collect credentials from customers of Wells Fargo and other banks.
Early this month, threat actors also used a Qbot Trojan payload to steal data from customers of various financial institutions, including Bank of America, JP Morgan and Wells Fargo. In this campaign, threat actors used keyloggers, backdoors and malware to compromise machines and harvest user credentials.
Customers can protect themselves from these campaigns by using a spam filter to protect your inbox against harmful senders and malicious attachments. Also, always verify you know who a sender is and never click on a link in an email leading to your bank’s website.
Instead, open a new browser and navigate directly to your bank’s website and enter your credentials there. If the communication is legit, it should be within your secure inbox on the bank’s website.
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device programFree download
The business value of Red Hat OpenShift
Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShiftFree download
Managing security and risk across the IT supply chain: A practical approach
Best practices for IT supply chain securityFree download
Digital remote monitoring and dispatch services’ impact on edge computing and data centres
Seven trends redefining remote monitoring and field service dispatch service requirementsFree download