Online and Mobile Fraud

Whenever you access the Internet through a PC or a mobile device, you run the risk of exposing yourself and your company’s systems to online scams or unauthorized app downloads. You may be unaware information has been stolen until the money is gone from your account.

Online fraud schemes attempt to obtain confidential information—including passwords, personal ID numbers, and token codes—and use it to access your accounts, transfer money, or commit other fraudulent acts. The primary methods of online fraud are social engineering, malware, and a combination of both.

Social engineering is an attempt to manipulate you into performing actions or divulging confidential information by impersonating a trustworthy entity in electronic communications. These communications can be sent by email (phishing) or text message (smishing).

Malware is malicious software installed on your computer without your consent. Once there, it can record keystrokes, re-direct your browser, or display fake websites, all in an effort to impersonate your business in online banking transactions. Your computer can become infected with malware through documents attached to emails, links contained in emails, infected search engine results, or by a user clicking on links, videos, and documents on legitimate websites, particularly social networking sites.

How you can help protect your company

Implement dual custody – and use it properly

Dual custody (PDF), when used properly, is one of the most effective fraud deterrents in a layered security approach. Dual custody requires payments and user changes initiated by one user be approved by a second user on a different computer or smartphone before they take effect. Dual custody is one of the most effective fraud deterrents in a layered security approach.

Update antivirus and antispyware programs

Ensure that your company’s firewalls, servers, and client applications or systems are updated with all vendor-recommended patches and that your company’s antivirus and antispyware software are installed and updated regularly.

Be cautious

Use caution if you receive an unexpected email or text message expressing an urgent need for you to update your information, activate an account, or verify your identity by calling a phone number or submitting information such as a one-time code on a website. Also practice caution with e-mail attachments and downloadable files.

Educate your employees

Educate your employees about online fraud and train them never to give out their online banking access credentials, including passwords, PINs, token codes, and token serial numbers.

Use stand-alone PCs for online banking

To initiate money movement transactions, use stand-alone PCs that are not enabled for email or web browsing.

Use trusted websites

Always access the Commercial Electronic Office® (CEO®) portal through our trusted wellsfargo.com web address and the CEO Mobile® service through our mobile apps.

Protect your network

Identify trusted websites for your business and block access to any web address that is not relevant to your employees’ business needs.

Monitor online accounts daily

Actively monitor your online accounts to detect suspicious activities. Contact your customer service group immediately if you notice anything out of the ordinary.

Use notification/alert services

Sign-up for the CEO Alerts service to receive text or email notifications alerting you of electronic debits from your accounts.

We can help

Talk to your relationship manager or contact us to implement dual custody on your Wells Fargo business accounts or to learn about other tools and services to help build a strong fraud protection program to help your company avoid falling victim to online fraud.

New and sophisticated ways to commit fraud are increasing at an alarming rate. The rapidly growing number of individuals using smartphones for mobile banking has created a new target for cybercriminals to exploit. 

Much like online fraud, mobile banking fraud involves fraudsters' attempts to obtain a user's confidential login information — including passwords, personal ID numbers, and token codes — to gain access to accounts and improperly transfer money or commit other fraudulent acts. 

Mobile banking fraud is often difficult to detect. You may be unaware information has been stolen until the money is gone from your company's accounts. 

What you should do to protect your money 

  • Protect your login information. Never give your company and user IDs, passwords, or token codes to anyone who contacts you by telephone, email, or text message. Wells Fargo will never contact you out of the blue to ask for this information. 
  • Implement dual custody, and use it properly, for online payment and self-administrative services. Dual custody, when used properly, is one of the most effective fraud deterrents in a layered security approach. Dual custody (PDF) requires payments and user changes initiated by one user be approved by a second user on a different computer or smartphone before they take effect. Dual custody is one of the most effective fraud deterrents in a layered security approach. 
  • Be careful choosing apps. Before you download or install a banking app or shortcut on your smartphone, check to make sure it is a genuine, authorized app from your financial institution. The Wells Fargo CEO Mobile® iPhone app is available through the Apple App Store, and the Android app is available from the Google Play Store. 
  • Don't follow links in emails or text messages that claim to be from your financial institution, especially those expressing an urgent need for you to update your information, activate an account, or verify your identity by calling a phone number or submitting information on a website. It likely is a phish. Go directly to your bank's mobile banking service to do your banking. Forward all suspicious emails and text messages to reportphish@wellsfargo.com. 
  • Monitor online accounts regularly to detect suspicious activity. Immediately contact your Wells Fargo representative or customer service team if you notice anything out of the ordinary. 
  • Lock your smartphone when it's not in use, and store it in a secure location. Keypad and phone lock functions password-protect your smartphone so no one else can use it or view your information. 
  • Delete text messages from your financial institution frequently, especially before loaning, discarding, or selling your smartphone. 
  • If you lose your smartphone or change your number, remove the old number from your mobile banking profile or call your customer service team. 

For more information on preventing mobile banking fraud, contact your Wells Fargo representative.