Navegó a una página que no está disponible en español en este momento. Seleccione el enlace si desea ver otro contenido en español.

Página principal

Five steps to avoid phishing scams

Phishing scams can come from fraudsters via text, email, or a phone call and often use an urgent tone to push you to act quickly, without thinking.

They may pose as someone you know or as a legitimate organization to ask for an immediate payment or sensitive information.

  Remember  

Don't share your PIN, online banking password, or one-time access codes with anyone. Wells Fargo will not contact you and ask for this information. 

Here are five steps to help spot, avoid, and report phishing attempts. 

Step 1: Be alert. Know the phishing warning signs.

Scammers use Artificial Intelligence (AI) in their phishing messages to skillfully imitate your bank, a government agency, or another organization you recognize or trust.

Here are two phishing examples that imitate Wells Fargo communications.


Phishing email example

  1. Beware of email addresses that do not include “wellsfargo.com.”
  2. Use caution with urgent alerts that ask you to act immediately.
  3. Don't click links, call numbers, open attachments, or scan QR codes from unexpected communication.

When in doubt, sign on to Wells Fargo Online® or contact us directly by calling the number on the back of your card.


Text phishing example

  1. Check the sender. Scam texts often imitate real companies or contacts, making messages appear legitimate when they aren’t.
    Tip: Most Wells Fargo texts come from one of the following short codes: 93557, 93733, 93729, 93767, 20342, 22981, or 93000.
  2. Do not respond to alerts that ask you to provide your private account access information.
  3. Don't click links or call numbers provided in a text.
  4. Be aware of spoofing attempts. Phishing attempts can be sophisticated and imitate caller ID to make the call look legitimate.

When in doubt, sign on to Wells Fargo Online® or contact us directly by calling the number on the back of your card.

Step 2: Pause. Go slow when you spot false urgency.

Phishing attempts often arrive as an urgent request.

Be suspicious of messages that announce a “problem” with your account or ask you to immediately log in to unlock your account, verify a transaction, make an online payment, or reverse a payment.

When asked to “act immediately,” do the opposite. Go slow and resist the urge to respond right away. 

Step 3: Verify. Confirm the sender but don’t rely on caller ID. 

Phishing attempts can be sophisticated and may even spoof (or imitate) caller ID to make the call look legitimate.

Don’t assume a communication can be trusted simply because it appears or sounds legitimate. 

Contact the organization directly by going to their website.

To verify communications that appear to be from Wells Fargo, sign on using the Wells Fargo Mobile® app or type “wellsfargo.com” into a new browser tab to access Wells Fargo Online® directly.

Learn more about bank imposter scams.

Step 4: Stop. When in doubt, don’t respond.

When you receive an urgent request that doesn’t seem right, hang up or close the message. You aren’t being rude — you are being wise.

Actions to avoid:

  • Do not sign on to your Wells Fargo account from a link embedded in a suspicious message.
  • Do not share personal account information such as your PIN, password, or one-time access codes.
  • Do not click any links, open attachments, or scan QR codes which can install malware on your device.
  • Do not call phone numbers included in the communication.
  • Do not allow remote access to your computer.

  Tip  

Wells Fargo offers additional security options for signing on to your account. Learn more about our enhanced security tools and authentication options.

Step 5: Let us help. Report phishing if it happens.

Be sure to use the Wells Fargo Mobile® app to regularly monitor your account for suspicious activity. You can also turn on additional alerts to be notified of transactions and withdrawals.  

If you've responded to a phishing attempt (or message)
Call us immediately at 1-866-867-5568 if you clicked a link, opened an attachment, sent a payment, or provided personal or financial information in response to a suspicious message.

If you’ve spotted a phishing attempt
If you see a suspicious message mentioning Wells Fargo but didn’t click on the link or open any attachments, email the message to us at reportphish@wellsfargo.com and then delete it. You will receive an automated response.

If the suspicious message is unrelated to Wells Fargo, consider contacting that organization directly to report the incident. 

When to report fraud
If you suspect you were the victim of fraud related to your Wells Fargo account, contact us immediately.

Learn more about how you can proactively help to protect your Wells Fargo account.

FAQs

How do I report a phishing email to Wells Fargo?

You can report suspicious emails or text messages claiming to be from Wells Fargo by forwarding them to reportphish@wellsfargo.com.

Will Wells Fargo ever ask for my password via email?

No. Wells Fargo will never ask for your password, PIN, or one-time access codes through email or text. If you receive such a request, do not respond.

What should I do if I clicked a link in a suspicious email?

If you shared any account information or clicked a suspicious link, call Wells Fargo immediately at 1-866-867-5568.

How can I tell if a Wells Fargo email is real?

Check the sender's address, look for your name (scams often use "Dear Customer"), and check for a sense of extreme urgency or threats to close your account.