Phishing is usually a two-part scam involving emails and spoof websites. Fraudsters, also known as phishers, send an email to a wide audience that appears to come from a reputable company. This is known as a phish email.
In the phish email, there are links to spoof websites that imitate a reputable company’s website. Fraudsters hope to convince victims to share their personal information by using clever and compelling language, such as an urgent need for you to update your information immediately or a need to communicate with you for your own safety or security. Once obtained, your personal information can be used to steal money or transfer stolen money into another account.
Use caution if you receive an email expressing an urgent need for you to update your information, activate your online banking account, or verify your identity by clicking on a link. These emails may be part of a phish scam conducted by fraudsters to capture your confidential account information and commit fraud. Never open attachments, click links, or respond to emails from suspicious or unknown senders. If you receive a suspicious email that appears to be from Wells Fargo, report it and delete it.
Fraudsters obtain email addresses from many places on the Internet. They also purchase email lists and sometimes guess email addresses. Fraudsters generally have no idea if people to whom they send banking-related phish emails are actual bank customers. Their hope is that a percentage of those phish emails will be received by actual bank customers.
If you receive a fraudulent email that appears to come from Wells Fargo, this does not mean that Wells Fargo’s computer systems have been breached.
Fraudsters may attempt to direct you to spoof websites via emails, pop-up windows or text messages. These websites are used to try to obtain your personal information. One way to detect a phony website is to consider how you got to the site. Use caution if you may have followed a link in a suspicious email, text message, online chat or other pop-up window requesting your personal or account information.
A phishing attempt sent via SMS (Short Message Service) or text message to a mobile phone or device. This tactic is also referred to as smishing, which is a combination of SMS and phishing. The purpose of text message phishing is the same as traditional email phishing: convince recipients to share their confidential information.
Never take action on a request for your personal or financial information, including account numbers, passwords, Social Security number or birth date. If you receive a text message expressing an urgent need for you to update your information, activate an account, or verify your identity by calling a phone number or submitting information, on a website, do not respond and delete it. These messages may be part of a phishing scam conducted by fraudsters in an attempt to capture your confidential account information and may be used to commit fraud.
Known as vishing, or voice phishing, this tactic is a phishing attempt made through a telephone call or voice message. Fraudsters may have the ability to spoof their caller ID so it could appear that the telephone call is coming from a legitimate company. Fraudsters may also have identifying customer information, such as your name, which they may use to make the call appear more authentic.
If you are uncomfortable with a phone call that was not initiated by you, ask for the purpose of the call and then hang up. Then, contact the company using legitimate sources such as contact phone numbers found on the company’s website, your bank statements, and those listed on your ATM, debit or credit card.
Some fraudsters still use low-tech methods to obtain your personal and financial information. Phishing attempts can be made through regular mail or fax machines. If you are suspicious about a piece of mail or fax you have received requesting personal or financial information, you should discard it. If you responded to a suspicious mailing or fax and provided confidential information, contact the company the mail or fax appears to be from. Use a legitimate source such as the phone number listed on the company's website, billing statement, or on the back of your ATM, debit or credit card to determine if your information was compromised.