22 June 2020

Phishing campaign impersonates Wells Fargo security team, lures victims with calendar invites


Phishing campaign impersonates Wells Fargo security team, lures victims with calendar invites

Researchers fr om the security firm Abnormal Security have warned about a phishing campaign impersonating the Wells Fargo Security Team that uses calendar invites to lure potential victims to phishing pages.

The phishing messages spotted by Abnormal Security claim to contain a new security key to protect customer’s account. The email urges the user to open the attachment and follow the instructions, or risk having their account suspended.

“Additionally, the message instructs users to open the attached file using their mobile device. Here, the attacker is attempting to exploit a setting where the event will automatically be added to a user’s calendar. Most of these programs will send an automatic notification to the user and attackers hope that potential victims will click on the event and follow the malicious link. As a result, these attacks are more likely to be seen by recipients,” the researchers said.

The malicious attachment in the message is an .ics file used by calendar applications to store scheduling information The file contains a link to a Sharepoint page which presents users with another link to secure their account. In reality, this link leads to a fake page for Wells Fargo wh ere users are prompted to enter their username, password, PIN, and account numbers. The gathered information is then sent directly to the attacker.

So far, the observed phishing campaign targeted more than 15,000 Wells Fargo customers, Abnormal Security revealed.

“Financial institutions are always common targets for attackers. Access to a user’s sensitive information would allow an attacker to commit identity theft as well as steal any money associated with the account. Many of these companies have stringent regulations and security in order to protect users and their financial holdings. However, attackers are continually finding ways to compromise users’ accounts,” the researchers warned.

Back to the list

Latest Posts

ShadowSyndicate ransomware group targeting Aiohttp flaw

ShadowSyndicate ransomware group targeting Aiohttp flaw

Organizations are urged to update to Aiohttp v3.9.
18 March 2024
The International Monetary Fund discloses cyberattack affecting 11 email accounts

The International Monetary Fund discloses cyberattack affecting 11 email accounts

The organization did not share any additional details regarding the nature of the attack.
18 March 2024
E-Root Marketplace operator sentenced to 3.5 years in prison

E-Root Marketplace operator sentenced to 3.5 years in prison

It is estimated that over 350,000 compromised credentials were listed for sale on the E-Root Marketplace.
18 March 2024