Unmasking Wells Fargo Phishing Scams: A Tale of 30+ Scam Emails
At 9:11 pm BST on June 29th, 2023, I received a notification on my phone about an email from my American Bank ‘Wells Fargo’. I said American because I relocated from America to the UK via the Innovator Visa Route about three months ago to build my CyberTech company ‘TisOva’ — a digital security online scam prevention solution for college students.
When I opened the email, I immediately realized that this was another phishing scam attempt. As with what I do with most phishing email scams, I blocked the sender. However, this time, the Cybercrime Investigator in me, particularly one passionate about online safety, decided to write about this to create awareness and also share steps you can take to protect yourself from similar scams in the future.
I was curious to see how many of these scams I’ve received in the past. Shockingly, I’ve received over 30 similar Wells Fargo Phishing email scams between 11/7/22 to 29/6/23. I filtered my inbox using the scammer's sender’s email contained in the email header ‘wellsfargoonline@mail1.wellsfargo.com’.
Please note that ‘wellsfargoonline@mail1.wellsfargo.com’ is a scam email and should be treated as such.
The scammer(s) seems pretty invested to have been consistently sending such emails for about a year. This gets me wondering how many innocent individuals or businesses must have fallen victim to such scams. This further validated my desire to create awareness on the topic.
Before we delve into analyzing one or some of these phishing scams targeting Wells Fargo customers, it’s important to explain what phishing and Wells Fargo Phishing scam is.
What is Phishing?
Phishing is a fraudulent attempt used by scammers to obtain sensitive information from individuals or businesses. This sensitive information can be anything from passwords, usernames, passwords, social security numbers, security codes, or account details usually through an email. If this occurs over text message, it is called Smishing. These emails usually impersonate a government agency, business, or charity organization and they come with a high level of urgency to convince you to take quick action that’ll enable them to gain access to your information!
What is Wells Fargo's Phishing Phishing Scam?
A Wells Fargo email scam is a type of phishing attack in which scammers send email messages that claim to be from a bank — in this case Wells Fargo. The goal of the scammer is usually to make victims believe their accounts are at high risk so that they will take action as described in the email and give away personal information or send money to the scammer.
How To Tell If a Wells Fargo Email Is Legitimate or a Scam
I would be analyzing one of the scam emails received in this article and comparing this with what an actual email from Wells Fargo looks like.
Inconsistent email header:
Inconsistent information in the email header is an indication that this is a potential scam. In the example shown in the image above, you can see inconsistencies within the sender's email address ‘wellsfargoonline@mail1.wellsfargo.com’, and other sections of the email header such as the ‘mailed by’ and ‘signed by’ email address section. A legitimate email from Wells Fargo will show consistency in all sections.
How to Identify Phishing Emails
Phishing emails can be difficult to distinguish from legitimate emails. The scammers usually create fake replica websites of the company (in this case Wells Fargo) to trick the victim into signing on to a fake site, opening an email attachment containing malware, or sharing their personal or account information. However, there are common phishing warning signs to look out for.
The Email creates a sense of urgency:
If you receive an email that conveys a sense of urgency such as a claim that your Wells Fargo account is at risk or that you’ll lose money if you don’t take action immediately, that is a red flag.
No bank official will pressure or rush you into making transactions or transferring your money out of your account.
Suspicious Sender:
One was to identify a phishing email is through the sender’s email address which can be found in the email header. If this was a legitimate email from wells fargo as claimed, the sender’s email address will include wellsfargo.com. Instead, the scammer uses something very similar like wellsfargoonline@mail1.wellsfargo.com, which is not a legitimate Wells Fargo address.
See you next month for the second part of this article! Ensure to follow me on Linkedin.