Phishing attacks target unsuspecting Wells Fargo customers

Over 15,000 Wells Fargo customers targeted in .ics phishing campaign

Wells Fargo Customers were targets of three phishing attacks this month.

In the most recent phishing campaign, threat actors impersonated Wells Fargo, leading its customers to phishing pages using fake calendar invites via .ics calendar file attachments. Threat actors were then able to trick unsuspecting customers into entering sensitive information and credentials.

Researchers at Abnormal Security discovered the Wells Fargo phishing campaign customers earlier this month. To date, the campaign has targeted over 15,000 customers using .ics calendar file attachments designed to direct them to phishing pages. 

“This attack impersonates a Wells Fargo Security Team member, stating that the user has been sent a new security key to protect their account, per Abnormal Security. “The body of the message urges the user to open the attachment and follow the instructions, or risk having their account suspended.”

Once a user has opened the .ics attachment, a link to a Sharepoint page directs them to click another link to secure their Wells Fargo account. This link leads to a fake Wells Fargo page that asks unsuspecting users to enter sensitive information, including their username, password, PIN and account numbers. Credentials and information submitted through the phishing page are then sent directly to the attacker.

Unfortunately, this attack wasn’t the only one that targeted Wells Fargo customers this month. Researchers at Juniper Threat Labs have been busy monitoring a new IcedID banking Trojan campaign. This campaign has used keywords like “COVID-19” and “FMLA” in email sender names and attachment names. Once it tricked an unsuspecting user into opening the email and downloading its attachment, it would collect credentials from customers of Wells Fargo and other banks.

Early this month, threat actors also used a Qbot Trojan payload to steal data from customers of various financial institutions, including Bank of America, JP Morgan and Wells Fargo. In this campaign, threat actors used keyloggers, backdoors and malware to compromise machines and harvest user credentials.

Customers can protect themselves from these campaigns by using a spam filter to protect your inbox against harmful senders and malicious attachments. Also, always verify you know who a sender is and never click on a link in an email leading to your bank’s website.

Instead, open a new browser and navigate directly to your bank’s website and enter your credentials there. If the communication is legit, it should be within your secure inbox on the bank’s website. 

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

What is hacktivism?
hacking

What is hacktivism?

13 Oct 2020
Microsoft: Iranian hackers are exploiting ZeroLogon flaw
Security

Microsoft: Iranian hackers are exploiting ZeroLogon flaw

6 Oct 2020
The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020
How to wipe a laptop easily and securely
Security

How to wipe a laptop easily and securely

5 Oct 2020