How to spot, avoid, and report Wells Fargo phishing emails

What is a Wells Fargo phishing email?

A Wells Fargo phishing email is a scam designed to trick you into giving away personal information by pretending to be from Wells Fargo. These phishing emails often look convincing because they use the company’s branding to deceive you. Wells Fargo phishing attacks may vary, but the goal is always the same – to steal your money. Once scammers access your bank account, they can withdraw funds, sell your information on the dark web, or use the account for money laundering.

How does a Wells Fargo phishing scam work?

While Wells Fargo phishing emails can evolve and look more convincing, it’s still likely that the scam will follow these five stages:

1. You receive an email that claims to be from Wells Fargo. Scammers will use the company’s logo and banners to make this email look more legitimate.
2. Scammers will say there is an issue with your account.
3. If you click the provided link, you’ll be taken to a fake version of the Wells Fargo website.
4. Scammers will ask you to complete identity verification and provide personal information.
5. Scammers may redirect you to the real Wells Fargo website.

Examples of Wells Fargo phishing emails

Scammers constantly improve their tactics to trick people into revealing personal information or sending money. What’s worse, some scammers use artificial intelligence to make their phishing emails look more legitimate.

Watch out for some of the most common Wells Fargo email scams, including:

1. “There’s unauthorized activity on your account”

Scammers often claim there’s unauthorized or suspicious activity on your account, urging you to investigate immediately. They might even add fake sign-in details, such as an IP address or date, to make it seem more realistic. To reactivate or secure your account, scammers will ask you to click the link they provided and submit your personal information.

Signs it’s a scam:

• Urgent or threatening language.
• Grammatical errors or an unusual sentence structure.

2. “We have updated your contact information”

This scam is particularly sneaky because it plays on your fear of being hacked. In this phishing attack, scammers will say that your contact information has been changed. You’ll be asked to click a link to learn more, but clicking will send you to a malicious website.

Signs it’s a scam:

• Blurry logos or unprofessional design.
• You log in directly to your account and don’t see any changes.

3. “Your account has been frozen”

Watch out for fake emails claiming your account is frozen. Scammers will say there’s been some suspicious activity or that your account violated their standards, and you need to click a link to reactivate your account. However, these links lead to malicious websites where you can fall victim to data theft.

Signs it’s a scam:

• You need to send personal information to “unfreeze” your account.
• The link is either shortened or looks suspicious.

4. “You’ve won a giveaway”

If you won a giveaway that you never even entered, chances are that it’s a scam. Most people get excited about winning, so fraudsters expect you to follow their demands to claim your prize. If you’re unclear whether Wells Fargo is running any promotion, visit their website or call their customer support line.

Signs it’s a scam:

• You didn’t enter any contest.
• The reward seems too good to be true.
• You need to pay for your prize.

What to do if you click on a phishing email

If you click on a phishing email, don’t interact with it further. Instead, follow these steps to protect yourself:

• Mark the email as spam. This step helps your email client identify and block future phishing attempts, and it may protect other Wells Fargo customers.
• Check your bank account. Log in through the official bank website and look for any suspicious activity. If you see any red flags, inform your bank immediately.
• Sign up for Wells Fargo’s security alerts. These alerts notify you of suspicious transactions or other activities that raise red flags.
• Scan your device for malware. Clicking on a phishing link can sometimes download malware onto your device. Use anti-malware software to run a full scan for ransomware and spyware. It’s best to avoid any online activities until this step is done.
• Check for identity theft. NordVPN’s Dark Web Monitor feature provides instant alerts about leaked credentials found on the dark web.

How to report a Wells Fargo phishing email

Whether you’ve just opened a Wells Fargo phishing email or clicked on any attachments or links, it’s always a good idea to report such phishing attempts to Wells Fargo by forwarding the email to reportphish@wellsfargo.com.

Here’s how to safely forward the phishing email to Wells Fargo:

1. Select the phishing email and click the “⋮” button.
2. Click “Forward.”
3. Add a subject line, briefly explain the situation, and send the email to the reporting address.

Depending on your situation, you can also contact Wells Fargo representatives at two different numbers: 866-867-5568 if you clicked on a phishing link or an attachment and 800-869-3557 if you’ve shared personal and financial information with the scammers.

How to avoid Wells Fargo phishing scams

Phishing emails are not going away anytime soon, so knowing how to avoid them is the best course of action. Here’s how you can reduce the likelihood of falling for Wells Fargo phishing scams:

• Set spam filters for your email client. Spam filters analyze your inbox and identify phishing attacks. While they might not catch every malicious attempt, using them in addition to other measures is still a good idea. You can’t fall for a phishing email that never reaches your inbox in the first place.
• Check the sender’s email address. Even if the email looks legitimate, hover over the sender’s name to see their actual email address. Also, look for unusual characters or misspellings (for example, Wells Fargo with an uppercase “I” instead of a lowercase “l”).
• Learn the most common signs of phishing emails. Poor grammar, odd fonts, and requests for money or personal information indicate a phishing attack. Be cautious and avoid clicking on links or downloading attachments from suspicious emails.
• Enable NordVPN’s Threat Protection Pro feature. Threat Protection Pro automatically blocks access to malicious websites and scans the files you download for malware.
• Think before you act. If an email says that your Wells Fargo account will be blocked in a few minutes unless you click a link, stop and consider why the company would send this. It’s highly unlikely that a legitimate bank would close your account for no good reason.

How to protect your Wells Fargo account

Here’s what you can do to improve the security of your Wells Fargo bank account:

• Enable multi-factor authentication (MFA). While MFA won’t prevent phishing attacks, it could still protect your account from cybercriminals. MFA requires you to authorize any login attempt using a one-time verification code or answer security questions. You can also use two-factor authentication (2FA) to secure your account. If you choose 2FA, you must enter your password and the code to log in.
• Check for a data breach. If scammers use your personal information, such as credit card number, email address, or phone number, to make their phishing email sound more legitimate, your data may have leaked online.
• Create a strong password. Whether you’ve clicked on a phishing email or not, securing all your accounts with a strong password is always important. Follow common tips on creating a strong password. For example, your password should be at least 12 characters long and include a mix of different characters (letters, numbers, and symbols). Also, don’t share your online banking password or access code with anyone.
• Monitor your bank account for any suspicious activity. By closely monitoring your account, you can quickly spot unauthorized transactions and contact the bank immediately. This proactive approach can help prevent financial loss and secure your account.