Wells Fargo Scam Alert
Employees are reporting a very professional-looking e-mail with links to what appears to be the Wells Fargo online banking Web site. The e-mails are not legitimate; they are phishing or spoofing e-mails that create a "screen" over the bank's official Web site to funnel your personal information to the fraudsters.
Some of the Company's employees are receiving e-mails from "Wells Fargo" asking them to follow a link and verify personal information. The message appears to be official and implies the recipient's account has already been compromised and the bank needs more information to protect the employees from further fraudulent activity. Be on the lookout for a message with the following information:
Dear Card Member,
Continuous monitoring is an integral part of Wells Fargo's multiple layers of security. In addition to other fraud monitoring tools, we can often spot fraud based upon transactions on the card that are outside of cardholder's typical purchasing pattern. This allows us to spot fraudulent activity as quickly as possible and acts as an early-warning system to identify fraudulent activity.
During a recent checkout we detected suspicious activity and your account may have been compromised. Fraudulent activity made it necessary to limit your account for online services. Conform to our security requirements and in order to continue online services, we must validate your identity. Please use our link below to proceed.
If the link in your e-mail message does not work, please copy and paste it into your browser.
Thank you for using Wells Fargo Online Account Services.
Wells Fargo Services
Online Account Services customer hotline at 1.800.642.4720
One of our employees has reported receiving the above e-mail. She opened it, clicked the link and logged into her bank accounts. The Web site asked her to input a significant amount of personal information for "verification" purposes. This allowed the fraudsters to get her login information (Social Security number and password) to Wells Fargo online banking.
The next day, she received an online notification from the real Wells Fargo bank that her account balance had changed. She checked the account, only to find an online bill pay of $9,500 to a Bank of America account! The fraudsters were very sophisticated, turning off the online bill-pay notification on her profile, so she wouldn't receive an immediate notification of the outgoing funds.
The employee acted swiftly in contacting both Wells Fargo and Bank of America to retrieve the money. Bank of America froze the receiving account, so the fraudsters couldn't obtain the cash. Wells Fargo reimbursed her account within a week. However, her identity and her husband's were still compromised, because the fraudsters have their names, home address, zip code, account numbers, passwords and her Social Security number.
Here are some of the steps they have taken to minimize future fraudulent activity:
- Filed a claim with the bank and with local law enforcement.
- Closed the accounts and opened new accounts at a different financial institution.
- Changed their Post Office Box and opened a new Post Office Box in a different zip code, because typically all you need to verify on a credit card is the zip code. (Thank goodness the address they use is a P.O. Box.)
- They already had a triple alert account with Experian® and reported the theft to all three credit bureaus. Experian placed a seven-year credit alert on their account.
- Cancelled all debit and credit cards.
- Spent numerous hours on the phone and drafting letters to creditors, insurance companies and mortgage companies authorized to auto-debit their old accounts.
- Shared their story through Fraud Insights to help protect others from falling prey to this scam.
What is phishing and how can you protect yourself? Fraudsters "phish" by sending out e-mail messages that purport to come from legitimate businesses the recipient might already have accounts with, featuring corporate logos and familiar formats. These messages ask for verification of personal data: account numbers, passwords, mailing address and even Social Security numbers. These e-mails look so official that some recipients might respond to them, resulting in financial losses, identity theft and other fraudulent activity against them.
Following are a few common phrases included in a phishing scam:
- Verify your account
- If you don't respond within 48 hours, your account will be closed
- Dear Valued Customer
- Click the link below to gain access to your account
These e-mails are rarely personalized because they are a phishing expedition and the fraudsters don't even know who or what they might be able to "catch." Most companies do not solicit your passwords, login names, Social Security numbers or other personal information through e-mail. Impersonal e-mails alone should raise suspicions. Often there is a sense of urgency to encourage you to respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.
The links included in these e-mails might contain all or part of a real company's name and are usually "masked," meaning the link you see does not take you to the intended address, but somewhere different, usually a phony Web site that captures personal information for fraudulent use.
Do not fall victim to these types of scams. Be aware of the signs and if you are unsure, call to verify. Do not use the phone number listed on the e-mail. Use a number you already have on file. These scams can be costly and time consuming to correct and can compromise your personal information for an extended period of time. Be alert, be aware and be smart!