Phishing attacks target unsuspecting Wells Fargo customers

Over 15,000 Wells Fargo customers targeted in .ics phishing campaign

Wells Fargo Customers were targets of three phishing attacks this month.

In the most recent phishing campaign, threat actors impersonated Wells Fargo, leading its customers to phishing pages using fake calendar invites via .ics calendar file attachments. Threat actors were then able to trick unsuspecting customers into entering sensitive information and credentials.

Researchers at Abnormal Security discovered the Wells Fargo phishing campaign customers earlier this month. To date, the campaign has targeted over 15,000 customers using .ics calendar file attachments designed to direct them to phishing pages. 

“This attack impersonates a Wells Fargo Security Team member, stating that the user has been sent a new security key to protect their account, per Abnormal Security. “The body of the message urges the user to open the attachment and follow the instructions, or risk having their account suspended.”

Once a user has opened the .ics attachment, a link to a Sharepoint page directs them to click another link to secure their Wells Fargo account. This link leads to a fake Wells Fargo page that asks unsuspecting users to enter sensitive information, including their username, password, PIN and account numbers. Credentials and information submitted through the phishing page are then sent directly to the attacker.

Unfortunately, this attack wasn’t the only one that targeted Wells Fargo customers this month. Researchers at Juniper Threat Labs have been busy monitoring a new IcedID banking Trojan campaign. This campaign has used keywords like “COVID-19” and “FMLA” in email sender names and attachment names. Once it tricked an unsuspecting user into opening the email and downloading its attachment, it would collect credentials from customers of Wells Fargo and other banks.

Early this month, threat actors also used a Qbot Trojan payload to steal data from customers of various financial institutions, including Bank of America, JP Morgan and Wells Fargo. In this campaign, threat actors used keyloggers, backdoors and malware to compromise machines and harvest user credentials.

Customers can protect themselves from these campaigns by using a spam filter to protect your inbox against harmful senders and malicious attachments. Also, always verify you know who a sender is and never click on a link in an email leading to your bank’s website.

Instead, open a new browser and navigate directly to your bank’s website and enter your credentials there. If the communication is legit, it should be within your secure inbox on the bank’s website. 

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

Improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021
TikTok phishing campaign tried to scam over 125 influencer accounts
social media

TikTok phishing campaign tried to scam over 125 influencer accounts

18 Nov 2021

Most Popular

Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022