Show vulnerabilities with patch / with exploit
22 June 2020

Phishing campaign impersonates Wells Fargo security team, lures victims with calendar invites


Phishing campaign impersonates Wells Fargo security team, lures victims with calendar invites

Researchers fr om the security firm Abnormal Security have warned about a phishing campaign impersonating the Wells Fargo Security Team that uses calendar invites to lure potential victims to phishing pages.

The phishing messages spotted by Abnormal Security claim to contain a new security key to protect customer’s account. The email urges the user to open the attachment and follow the instructions, or risk having their account suspended.

“Additionally, the message instructs users to open the attached file using their mobile device. Here, the attacker is attempting to exploit a setting where the event will automatically be added to a user’s calendar. Most of these programs will send an automatic notification to the user and attackers hope that potential victims will click on the event and follow the malicious link. As a result, these attacks are more likely to be seen by recipients,” the researchers said.

The malicious attachment in the message is an .ics file used by calendar applications to store scheduling information The file contains a link to a Sharepoint page which presents users with another link to secure their account. In reality, this link leads to a fake page for Wells Fargo wh ere users are prompted to enter their username, password, PIN, and account numbers. The gathered information is then sent directly to the attacker.

So far, the observed phishing campaign targeted more than 15,000 Wells Fargo customers, Abnormal Security revealed.

“Financial institutions are always common targets for attackers. Access to a user’s sensitive information would allow an attacker to commit identity theft as well as steal any money associated with the account. Many of these companies have stringent regulations and security in order to protect users and their financial holdings. However, attackers are continually finding ways to compromise users’ accounts,” the researchers warned.

Back to the list

Latest Posts

Weekly security roundup: July 13, 2020

Weekly security roundup: July 13, 2020

A short overview of last week's top stories in the world of cyber security.
13 July 2020
Hackers are attempting to exploit recent Citrix vulnerabilities

Hackers are attempting to exploit recent Citrix vulnerabilities

Citrix downplayed the impact of the vulnerabilities and said they are less likely to be exploited compared to CVE-2019-19781.
13 July 2020
Zoom patches critical bug affecting Zoom client for Windows

Zoom patches critical bug affecting Zoom client for Windows

The company has also released a planned update for Phone and Web users, which brings AES-256 bit encryption.
13 July 2020