IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Phishing attacks target unsuspecting Wells Fargo customers

Over 15,000 Wells Fargo customers targeted in .ics phishing campaign

Wells Fargo Customers were targets of three phishing attacks this month.

In the most recent phishing campaign, threat actors impersonated Wells Fargo, leading its customers to phishing pages using fake calendar invites via .ics calendar file attachments. Threat actors were then able to trick unsuspecting customers into entering sensitive information and credentials.

Researchers at Abnormal Security discovered the Wells Fargo phishing campaign customers earlier this month. To date, the campaign has targeted over 15,000 customers using .ics calendar file attachments designed to direct them to phishing pages. 

“This attack impersonates a Wells Fargo Security Team member, stating that the user has been sent a new security key to protect their account, per Abnormal Security. “The body of the message urges the user to open the attachment and follow the instructions, or risk having their account suspended.”

Once a user has opened the .ics attachment, a link to a Sharepoint page directs them to click another link to secure their Wells Fargo account. This link leads to a fake Wells Fargo page that asks unsuspecting users to enter sensitive information, including their username, password, PIN and account numbers. Credentials and information submitted through the phishing page are then sent directly to the attacker.

Unfortunately, this attack wasn’t the only one that targeted Wells Fargo customers this month. Researchers at Juniper Threat Labs have been busy monitoring a new IcedID banking Trojan campaign. This campaign has used keywords like “COVID-19” and “FMLA” in email sender names and attachment names. Once it tricked an unsuspecting user into opening the email and downloading its attachment, it would collect credentials from customers of Wells Fargo and other banks.

Early this month, threat actors also used a Qbot Trojan payload to steal data from customers of various financial institutions, including Bank of America, JP Morgan and Wells Fargo. In this campaign, threat actors used keyloggers, backdoors and malware to compromise machines and harvest user credentials.

Customers can protect themselves from these campaigns by using a spam filter to protect your inbox against harmful senders and malicious attachments. Also, always verify you know who a sender is and never click on a link in an email leading to your bank’s website.

Instead, open a new browser and navigate directly to your bank’s website and enter your credentials there. If the communication is legit, it should be within your secure inbox on the bank’s website. 

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Twilio account breach result of sophisticated social engineering campaign
Security

Twilio account breach result of sophisticated social engineering campaign

9 Aug 2022
Over 200,000 DrayTek routers vulnerable to total device takeover
Security

Over 200,000 DrayTek routers vulnerable to total device takeover

3 Aug 2022
Data on 69 million Neopets users stolen and listed for sale on hacker forum
Security

Data on 69 million Neopets users stolen and listed for sale on hacker forum

21 Jul 2022
HackerOne employee fired for using position to steal bug bounties
Security

HackerOne employee fired for using position to steal bug bounties

4 Jul 2022

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022