Monday, January 25, 23:55
Home security Wells Fargo: Its customers are the target of a phishing campaign!

Wells Fargo: Its customers are the target of a phishing campaign!

Wells Fargo customers are targeted by an e-phishing campaign that "impersonates" the team security of Wells Fargo and directs potential victims to electronic phishing sites with the help of Invitation to the Calendar. Wells Fargo is a multinational financial services provider, with about 263.000 employees in 7.400 locations in 31 countries and regions. It serves one-third of all US households and ranks 30th F, among the largest companies in America. Electronic phishing messages detected by security researchers e-mail Abnormal Security earlier this month targeted more than 15.000 Wells Fargo customers so far, using attachments archives calendar .ics that contain events and motivate recipients to visit phishing sites.

The alerts calendar are used to enhance the success rate of attacks

The phishing emails of the intruders alert the prospective victims that they need to update their security keys, following some instructions included in an attached .ics calendar file, while arguing to them that in this way they will avoid deleting their accounts. Specifically, Abnormal Security states that the description of the incident includes a link to a Sharepoint page that directs users to click on another link to secure their account. This link leads to a fake e-phishing page, which is supposed to belong to Wells Fargo. On this page, users are asked to enter sensitive information such as username, password, PIN and account numbers. The swindlers behind this campaign e-phishing urges potential victims to open the calendar file from their mobile phones so that they can take advantage of the fact that the event included in the .ics file will be automatically added to the victims' logbook. The victims' diary applications will then automatically display notifications, which the victims are likely to click on, as their notifications are sent by a trusted application. This is the main reason for the high success rate of these scams, while the attackers are estimated to be able to gather sensitive information from many more Wells Fargo customers.

The final e-phishing page that guides victims from the Sharepoint redirect page is a fake link to Wells Fargo, in which users are asked to enter their credentials, account numbers, email addresses, passwords as well as their four-digit card number. If the victims fall into the trap of fraud, enter their details and click on the "SUBMISSION" option at the bottom of the page, the attackers will gain access to all the information they need to break into their accounts, stealing their identity and the money of the victims.

At this point it is worth noting that bank customers have always been an attractive target for them. hackers. According to Abnormal Security, financial institutions are always the main targets of hackers. Accessing a user's sensitive information would allow a hacker to steal the victim's identity and consequently the money he has in his bank account. Many of these companies have strict regulations and security to protect users and their financial activities. However, hackers are constantly finding ways to compromise user accounts. Within a week, F5 Labs security researchers spotted ongoing attacks aimed at stealing credentials by customers of dozens of US financial institutions, infecting them with Qbot banking trojan payloads. Among the list of banks whose customers were targeted by this Qbot campaign, the researchers found Bank of America, Wells Fargo, JP Morgan, Citibank, Citizens, Capital One and FirstMerit Bank, while 36 different US financial institutions and two Banks in Canada and the Netherlands are also under attack. Two months ago, fraudsters also sent emails allegedly from the US Federal Reserve and attracted recipients, offering financial relief offers through the Payment Protection Program.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.



COVID-19 vaccines: Ways to protect supply chains

The development of vaccines for COVID-19 in such a short period of time has created many challenges and these are not only related to ...

How do insurance companies "enhance" ransomware attacks?

Ransomware attacks have increased significantly, with experts warning that their victims should not pay ransom to hackers ....

Russia: "US may be planning retaliation for SolarWinds hack"!

The Russian government warns the country's organizations about possible cyber attacks that the US may carry out, as "retaliation" for the hack ...

iPhone: How to see which apps have access to your contacts

Some iPhone privacy issues go deeper than accessing your contacts list, which exposes your contacts to ...

COVID-19: Google makes vaccination clinics available

Google CEO Sundar Pichai said Monday that the company will make its facilities available to become clinics ...

Netflix offers "studio quality" audio upgrade on Android

Do not be surprised if Netflix sounds better the next time you run a marathon with rows on your Android phone ...

Will Bitcoin return to $ 40.000? There is concern!

Bitcoin lovers who take his return above the level of $ 40.000 for granted have been worried because the demand ...

Avaddon ransomware: Its operators threaten with DDoS attacks to get ransom!

Lately, more and more ransomware gangs tend to threaten their targets with DDoS attacks in order to secure profits ....

Volunteer firefighters will be trained through VR simulation

Volunteer firefighters in the Australian state of Victoria will soon have access to the virtual reality (VR) training that will be available in ...

Tesla: Accuses its former employee of stealing her confidential data!

On January 23, Tesla sued former employee Alex Khatilov for stealing 26.000 confidential documents, including trade secrets. The software ...