Navegó a una página que no está disponible en español en este momento. Seleccione el enlace si desea ver otro contenido en español.

Página principal

Phishing Email and Text Scams

Learn how to detect and report suspicious email and text messages that appear to be from Wells Fargo. If you encounter a suspicious email or text message don’t respond, click on any links, or open attachments.

If you responded

If you clicked on a link, opened an attachment, or provided personal or financial information, call us immediately at 1-866-867-5568.

If you didn’t respond

Forward the suspicious email or send us an email with the text message copy (no screenshots) to reportphish@wellsfargo.com. You’ll receive an automated response.

For your security, Wells Fargo may contact you by email, text, or phone regarding your card or account activity. We will only send you a text using the official Wells Fargo short code “935-57” (WELLS). When Wells Fargo contacts you, we will not ask for your card PIN, access code, or other sensitive information like your online banking username or password. If you are uncomfortable about a request for information, do not respond and instead call the number on the back of your card to verify the authenticity of the request.

What is phishing?
Phishing is usually a two-part scam involving an email or text message containing links to a fraudulent website requesting sensitive information such as username, password, and account details. Once obtained, your personal and financial information can be used to access your account and steal money.

How to recognize a phishing email

Phishing emails are becoming more sophisticated and difficult to distinguish from legitimate emails. By impersonating a reputable company’s communications, these emails tend to use clever and compelling language, such as an urgent need for you to update your information or communicate with you for your security. To spot a phishing email, look for a combination of red flags. In this example, notice:

  1. Non-Wells Fargo email address: The email address of the sender does not include the wellsfargo.com domain name, instead using something like “comcast.net”: WellsOnlineBank2@comcast.net.
  2. Urgent call to action: The email includes an urgent request in the subject line and message copy, such as “for your protection and for security reasons.” Phishing emails may also contain extra spacing or unusual punctuation in addition to other red flags.
  3. Suspicious URL: The email contains a link to a non-Wells Fargo URL, which could be a fraudulent website. If you’re using a laptop or desktop computer, you can check a link’s URL by hovering over it with your cursor, and the URL will show in your browser window.


How to recognize a phishing text

Phishing texts use similar techniques as phishing emails: a sense of urgency to secure your account, using words like “limited,” “locked,” or “deactivated” to describe your account status. These texts may prompt you to call a specific phone number, visit a link, or respond directly with personal or account information. To spot a phishing text, look for a combination of red flags. In this example, notice:

  1. Suspicious sender: The text was sent by a suspicious phone number, instead of “935-57” (WELLS), which is the official Wells Fargo short code.
  2. Unusual text treatments: The text message contains a combination of unusual text treatments, including all caps, arrows, ID numbers, and an exclamation point.
  3. Unprompted identity request: The request to verify the recipient’s identity was unprompted. Wells Fargo will request to verify your identity via access code only when prompted by an action that you have initiated, such as signing on to online banking or sending money.