Outline:
Email purporting to be from US based bank Wells Fargo claims that the bank has implemented new security measures designed to protect customers from unauthorised login attempts. It claims that you must click a “secure update” link to update your credentials so that you can be part of these new security measures.
Analysis:
The email is not from Wells Fargo and the claim that you must click a link to update account security measures is not true. The message is a phishing scam that is designed to steal your Wells Fargo account login details and other personal and financial information.
Clicking the link takes you to a fraudulent website that has been made to look like the genuine Wells Fargo website. The fake site first asks you to log in with your Wells Fargo account credentials. It then asks you to provide your credit card details, name, address, and contact details, and other personally identifying information, ostensibly as part of the “security update” procedure.
All of the information you supply on the bogus site can be collected by scammers and used to hijack your Wells Fargo account, commit fraudulent bank and credit card transactions, and commit identity theft.
Always login to your online accounts by entering the address into your browser’s address bar or via an official app.
Last updated: January 12, 2017
First published: January 12, 2017
By Brett M. Christensen
About Hoax-Slayer
References
Wells Fargo “1 New Security Message” Phishing Scam