Phishing Email and Text Scams

Learn how to spot and report suspicious email and text messages that appear to be from Wells Fargo.

What is phishing?

Phishing is the fraudulent attempt to obtain sensitive information, such as usernames, passwords, and account details, typically through an email, text message, or even a phone call.

These messages may impersonate a company, charity, or government agency and often make up an urgent request to convince you to sign on to a fake site, open an email attachment containing malware, or respond with personal or account information. The information you provide can be used to commit identity theft or access your account to steal money.

If you receive a suspicious email or text message, don’t respond, click any links, or open attachments. Don’t sign on to your account from a link in a suspicious message. Close the suspicious message and sign on using the Wells Fargo Mobile® app or type into a new browser window or tab.

How to report phishing

If you responded

If you clicked on a link, opened an attachment, or provided personal or account information, call us immediately at 1-866-867-5568.

If you didn’t respond

Forward the suspicious email or text to and then delete it. You will receive an automated response. We will review your message right away and take action as needed.

Common phishing warning signs

Phishing scams can be hard to spot, but here are some warning signs:

Suspicious sender

Do you know the email address, phone number, or short code? Don’t respond to messages from a sender you don’t recognize. Five-digit short codes are commonly used by companies, like Wells Fargo, to send text messages. Add trusted short codes and phone numbers to your contact list so you recognize them when you receive a text.

Unusual language

Are there spelling or grammar mistakes in the message? Does it contain unusual formatting, such as ID numbers or punctuation like exclamation points? It may be a scam, so don’t respond.

Urgent request

If you receive an urgent request to unlock your account, verify your identity, or confirm account details, don't click any links or respond. It's likely a phishing attempt and should be deleted.

Unexpected phone call

Phone numbers can be spoofed to impersonate legitimate companies. If someone calls asking for your PIN, temporary access code, or online banking password, hang up. Call the number on the back of your Wells Fargo card or the website to verify the request.

Bank imposter scams are on the rise. Learn how to help protect yourself from this type of phishing.

For your security

Wells Fargo may email, text, or call you if we detect unusual account activity.

Important: Wells Fargo will never ask for your card PIN, temporary access code, or online banking password.

If someone claiming to be from Wells Fargo asks for this information, do not respond. When in doubt, call us immediately using the number on the back of your card.

We may also send you a temporary access code to verify your identity based on an action you have taken, such as when you sign on or use Zelle®. If you receive an unexpected access code, do not provide it to anyone who contacts you asking for it and call us immediately.

What does phishing look like?

Email phishing can be difficult to distinguish from legitimate emails. In this example, notice:

  1. Non-Wells Fargo email address: The email address of the sender does not include the domain name, but instead uses “”.
  2. Urgent call to action: The email conveys urgency by saying, "you need to update your account today for security purposes" to convince you to take action.
  3. Suspicious web address (or URL): The email contains a link that appears to be legitimate but leads to a fraudulent website. You should preview a URL before clicking on it. If you’re using a computer, hover over the link with your mouse, and the URL will show in the bottom left of your browser window. On your mobile phone, you can tap and hold the link and the URL will appear in a pop-up box. Beware: URLs beginning with "https" can also be used for phishing.
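
The sender and link checks above can be automated. The following is an added example, not Wells Fargo code: it flags a sender address outside the expected domain and any link whose real destination is outside it, whatever the visible text or scheme says. The domain `bank.example`, the sample message, and all function names are assumptions made for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "bank.example"  # assumed placeholder, not the real domain

def in_domain(host, domain=TRUSTED_DOMAIN):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def warning_signs(from_header, html_body):
    """List the sender and link warning signs found in one message."""
    signs = []
    sender_host = parseaddr(from_header)[1].rpartition("@")[2]
    if not in_domain(sender_host):
        signs.append("sender domain is not " + TRUSTED_DOMAIN)
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        host = urlsplit(href).hostname  # the scheme (https) is not evidence
        if not in_domain(host):
            signs.append("link shown as %r leads to %s" % (text, host))
    return signs

# Constructed sample message; .test and .example names are reserved.
SAMPLE_FROM = '"Bank Alerts" <alerts@bank.example.account-update.test>'
SAMPLE_BODY = '<a href="https://bank.example.signin.test/login">https://bank.example/login</a>'
if __name__ == "__main__":
    print(warning_signs(SAMPLE_FROM, SAMPLE_BODY))
```

Both sample values contain the trusted name as a prefix of a different domain, which a plain substring match would accept; the suffix comparison in `in_domain` does not.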

What does smishing look like?

Text phishing, or “smishing,” uses techniques similar to those of email phishing. In this example, notice:

  1. Suspicious sender: The text was sent from an unknown phone number, instead of one of Wells Fargo’s official short codes: 93557, 93733, 93729, 93767, or 22981.
  2. Unexpected request and unusual formatting: The message may include an unexpected request to provide "required information" in order to regain access to your credit card.
  3. Suspicious web address (URL) or phone number: The text message contains a link to a non-Wells Fargo URL, which could be a fraudulent website. Always preview a URL before clicking on it. On a mobile phone, press and hold the link and the URL will appear in a pop-up box. Phishing texts may also include a fraudulent phone number. Do not call the number in a suspicious text. Call the number on the back of your Wells Fargo card or the website to verify the request.