Fact Check

Wells Fargo

Phishing scheme sent by e-mail targets Wells Fargo customers.

Published Dec 15, 2008

Phish Bait:   Wells Fargo customers.

Example:   [Collected on the Internet, 2004]

Security key: 229F981A835

  Dear Wells Fargo Customer,
During our regular update and verification of the Wells Fargo ATM Service®, we could not verify your current information. Either your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information.
To update your account information and start using our services please click on the link below:

Note: Requests for information will be initiated by Wells Fargo Business Development; this process cannot be externally requested through Customer Support.
Wells Fargo.com
ATM Service Department.

Origins:   This is yet another
garden-variety phishing scheme disseminated by e-mail and directed at customers of Wells Fargo. Clicking the link provided in the body of the message (deactivated in the example above) takes the user to a phony "Wells Fargo Online Validation" form which prompts for the entry of an ATM card number, PIN, expiration date, and e-mail address. The update form does not originate with or send information to the genuine Wells Fargo site; it is actually loaded from a server registered to an individual in Taipei, Taiwan. (The line in the message body informing readers that "this process cannot be externally requested through Customer Support" is presumably intended to head off Wells Fargo's being made aware of the scam through customers' calling their support department.)

Last updated:   19 September 2004

David Mikkelson founded the site now known as snopes.com back in 1994.

Article Tags