In addition, fraudsters use innocent-looking calendar invitations as clickbait, and try to get message recipients to click on the invitations, which take them to a malicious website that resembles the Wells Fargo site, according to Abnormal Security, a cybersecurity research company that says it discovered the attack.
As per Abnormal Security’s, for this type of fraud, emails arrive in inboxes at various large companies that appear to be from a Wells Fargo Security Team member who tells recipients they’ve been sent a new security key to protect their personal accounts. The message urges the recipients to open the attached calendar item, an .ics file, and follow the instructions, or risk having their accounts suspended.
Victims are asked for sensitive information like the username, login, card PIN, or number for their personal accounts held at Wells. The company declined an interview request but they encouraged the customers who receive suspicious emails to not respond, click on any links or open any attachments in any format. The company also has set up a webpage with information and resources on phishing.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now