Navegó a una página que no está disponible en español en este momento. Seleccione el enlace si desea ver otro contenido en español.

Página principal

How to Report Phishing and Email Scams

If you encounter a suspicious email or text message that claims to be from Wells Fargo, do not respond to it or click on any links.

What to do

Do not open attachments, click on links, or respond to emails or text messages from suspicious or unknown senders.

If you receive a suspicious email or text message that appears to be from Wells Fargo and you:

  • Did respond by clicking on a link, opening an attachment or providing personal or financial information, call us immediately at 1-866-867-5568.
  • Did not respond, please forward the suspicious email or send us an email with the text message copy (no screenshots) at reportphish@wellsfargo.com. You will receive an automated response.

What is phishing?

Phishing is usually a two-part scam involving an email or text message containing links to a spoof website requesting sensitive information such as username, password, and account details. Once obtained, your personal and financial information can be used to access your account and steal money.

How to recognize a phishing email

Phishing emails are becoming more sophisticated and difficult to distinguish from legitimate emails. By impersonating a reputable company, these emails tend to use clever and compelling language, such as an urgent need for you to update your information or communicate with you for your security. In order to spot a phishing email, look for a combination of red flags. 

In the example below, notice:

  1. Non-Wells Fargo email address: The email address of the sender does not include the wellsfargo.com domain name, instead using “comcast.net”: WellsOnlineBank2@comcast.net
  2. Urgent call to action: The email includes an urgent call to action in the subject line and message copy: “for your protection and for security reasons.” Phishing emails may also contain extra spacing or unusual punctuation in addition to other red flags.
  3. Suspicious URL: Although the URL looks like it would take you to a Wells Fargo website, the email actually contains a link to a non-Wells Fargo URL, which could be a fraudulent website. The suspicious URL, such as http://wellsbankonline2-comcast.net, would be revealed by hovering over the link (not viewable in this screenshot).

 


How to recognize a phishing text message

Phishing texts use similar techniques as phishing emails, namely a sense of urgency to secure your account, using words like “limited,” “locked,” or “deactivated” to describe your account status. These texts may prompt you to call a specific phone number, visit a link, or respond directly with personal or account information. To spot a phishing text, look for a combination of red flags.

In the example below, notice:

  1. Suspicious sender: The text was sent by a suspicious email address, instead of “935-57” (WELLS), which is the official Wells Fargo short code.
  2. Unusual text treatments: The text message contains a combination of unusual text treatments, including all caps, arrows, ID numbers, and an exclamation mark. 
  3. Unprompted identity request: The request to verify the recipient’s identity was unprompted. Wells Fargo will request to verify your identity via access code only when prompted by an action that you have initiated, such as signing on to online banking or sending money.


Learn more about the various types of phishing and other scams.