Phishing attacks target unsuspecting Wells Fargo customers

Over 15,000 Wells Fargo customers targeted in .ics phishing campaign

Wells Fargo Customers were targets of three phishing attacks this month.

In the most recent phishing campaign, threat actors impersonated Wells Fargo, leading its customers to phishing pages using fake calendar invites via .ics calendar file attachments. Threat actors were then able to trick unsuspecting customers into entering sensitive information and credentials.

Researchers at Abnormal Security discovered the Wells Fargo phishing campaign customers earlier this month. To date, the campaign has targeted over 15,000 customers using .ics calendar file attachments designed to direct them to phishing pages. 

“This attack impersonates a Wells Fargo Security Team member, stating that the user has been sent a new security key to protect their account, per Abnormal Security. “The body of the message urges the user to open the attachment and follow the instructions, or risk having their account suspended.”

Once a user has opened the .ics attachment, a link to a Sharepoint page directs them to click another link to secure their Wells Fargo account. This link leads to a fake Wells Fargo page that asks unsuspecting users to enter sensitive information, including their username, password, PIN and account numbers. Credentials and information submitted through the phishing page are then sent directly to the attacker.

Unfortunately, this attack wasn’t the only one that targeted Wells Fargo customers this month. Researchers at Juniper Threat Labs have been busy monitoring a new IcedID banking Trojan campaign. This campaign has used keywords like “COVID-19” and “FMLA” in email sender names and attachment names. Once it tricked an unsuspecting user into opening the email and downloading its attachment, it would collect credentials from customers of Wells Fargo and other banks.

Early this month, threat actors also used a Qbot Trojan payload to steal data from customers of various financial institutions, including Bank of America, JP Morgan and Wells Fargo. In this campaign, threat actors used keyloggers, backdoors and malware to compromise machines and harvest user credentials.

Customers can protect themselves from these campaigns by using a spam filter to protect your inbox against harmful senders and malicious attachments. Also, always verify you know who a sender is and never click on a link in an email leading to your bank’s website.

Instead, open a new browser and navigate directly to your bank’s website and enter your credentials there. If the communication is legit, it should be within your secure inbox on the bank’s website. 

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
FedEx and DHL phishing emails target Microsoft users
phishing

FedEx and DHL phishing emails target Microsoft users

24 Feb 2021
Hackers are using Google Alerts to help spread malware
hacking

Hackers are using Google Alerts to help spread malware

22 Feb 2021
North Korea expected to increase cyber attacks due to COVID struggles
hacking

North Korea expected to increase cyber attacks due to COVID struggles

22 Feb 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Oxford University COVID lab falls victim to hackers
hacking

Oxford University COVID lab falls victim to hackers

26 Feb 2021
Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021