In this article:
Identity theft and fraud protection for your finances, personal info, and devices.
How Do You Know If an Email From Wells Fargo Is Real?
As one of the largest banks in the world, Wells Fargo attracts all kinds of imposters who regularly target victims with fake texts, phone calls, and phishing emails. Unfortunately, these scammers are only getting better at tricking victims into giving up sensitive information and access to online bank accounts.
According to the Federal Trade Commission (FTC), Americans lost more than $310 million to email scams in the first nine months of 2023 alone [*].
If you’re a Wells Fargo customer, you need to be able to tell a fake email from a real one — but it’s not always easy.
In this guide, we'll explore what Wells Fargo phishing emails typically look like, the latest scams to be aware of, and what to do if you’re targeted by a scam.
What Is a Wells Fargo Phishing Email? How Does the Scam Work?
Wells Fargo phishing emails come in many different forms, but they typically have the same goal: to steal your personal and financial information.
Cybercriminals send millions of emails a month — masquerading as security alerts or other communications from Wells Fargo bank. But if you click on links contained inside these phishing attempts, you’ll be taken to fake websites designed to steal your online banking and account information.
Here's a breakdown of how this type of email scam usually works:
- You receive an email from an alleged Wells Fargo account. Scammers spoof legitimate Wells Fargo emails by using the financial institution’s official logo — copying its typical language, and even changing the “from” name to Wells Fargo.
- Next, you’ll be told there’s an issue with your account. Fraudsters use all sorts of social engineering tactics to get you to click on dangerous links. For example, they may claim you need to verify your identity, or that your bank account has been frozen due to suspicious activity.
- When you click on the link, it will take you to a fake Wells Fargo login page. Scammers create fake bank login pages to steal your online banking password, access code, or credit and debit card numbers. Some links may even contain dangerous malware that infects your computer with viruses.
- Once logged in, scammers request even more information. You may be asked to provide personal information to “verify” your identity — such as your phone number, Social Security number (SSN), or bank account and credit card numbers. Some fraudsters even ask you to provide a selfie in which you are holding your ID (driver’s license, passport, etc.), which they can then sell on the Dark Web.
- Finally, you’re redirected to the real Wells Fargo website. To hide their crimes, fraudsters redirect you to the real Wells Fargo website, leading you to believe that the whole thing was a legitimate process — until your account is compromised.
Unfortunately, this type of scam doesn’t just originate from Wells Fargo phishing emails. Con artists can also use text scams, fraudulent phone calls, or even traditional mail to target their victims.
💡 Related: The 11 Types of Phishing Scams You Need To Be Aware Of →
Example: A Wells Fargo Phishing Email That Almost Worked
Here’s a recent example of a Wells Fargo phishing email that targeted thousands of Americans:
Without taking the time to scrutinize the email above, you could easily fall for this scam. The fraudsters have used Wells Fargo’s official logo, changed the “from” name to Wells Online, and even included what looks like an official Wells Fargo link.
However, if you look a little closer, you’ll see warning signs indicating that this is a phishing email, such as:
- The email domain. Anyone can change the “from” name via their email service provider; but legitimate emails sent from the bank only come from the official “Wellsfargo.com” domain. Make sure you click on the name to reveal the actual email address that is contacting you.
- It includes strange phrasing and grammatical errors. Banks employ writers and editors to craft grammatically correct messages; scammers do not. Some fraudsters even make intentional formatting or grammar mistakes to avoid wasting time on more analytical people.
- The link takes you to a suspicious domain. While the link in this email appears to direct to a Wells Fargo webpage, it actually leads to a scam site. You can verify the link's target destination by hovering over it on a desktop computer or by holding down the link on your mobile device.
- There’s no additional contact methods provided. Bank communications typically include links for customer support, along with an address and phone number. Sophisticated scams may include these, but you should always double-check to make sure they’re legitimate.
- There are no references to personal or sensitive information. Banks usually refer to you by name or reveal the last four digits of your card number. Though scammers may have this information, which will increase the scam's believability, they usually use generic greetings and language.
The bottom line: Scammers are almost always financially motivated — and phishing emails claiming to be from your bank are among the most common tactics fraudsters use to get access to your funds. Consider protecting yourself (and your bank account) with Identity Guard’s award-winning digital security and identity theft solution. Save up to 33% when you sign up for Identity Guard today.
The 6 Latest Wells Fargo Phishing Email Scams
- Unauthorized activity on your Wells Fargo account or card
- Your account has been frozen until you verify your identity
- Confirm or dispute fraudulent purchases
- Your contact details have been updated
- Fake Wells Fargo surveys and giveaways
- Email about a Wells Fargo inquiry or application
While most phishing emails contain similar warning signs, scammers are always adapting their techniques. Here are some of the latest and most common scams that fraudsters are running via Wells Fargo phishing emails:
1. Unauthorized activity on your Wells Fargo account or card
In this scam, fraudsters claim your bank has suspended your account to protect you from unauthorized activity. To reactivate your account, you need to log in by following the link provided. The scammers want you to share your personal information on their fake Wells Fargo page or click on links to download their malware.
How to spot (and avoid) this Wells Fargo phishing email:
- Look out for warning signs. Pay attention to strange phrasing and capitalization used throughout these emails. If your account was truly disabled, you should expect to be addressed by name.
- Check the status of your accounts directly — not through links in emails. If you’re concerned about potentially fraudulent activity, log in to your Wells Fargo account directly to check it out. If real, the alerts will appear there as well. Don’t click on the links in emails or text messages.
- Make sure any link you click on takes you to the official “Wellsfargo.com” website. Before clicking on a link, check the destination to which it’s taking you by hovering over the link on desktop or pressing down on the link on mobile devices.
🛡 Protect your bank accounts and identity with award-winning security. Identity Guard has helped shield over 38 million Americans from fraud, identity theft, and hacking. Save up to 33% when you sign up for Identity Guard today.
2. Your account has been frozen until you verify your identity
Identity verification scams pose as helpful security measures; but in reality, they collect personal information that scammers can use to steal your identity or access your Wells Fargo account. These schemes may include requests for you to confirm your email or billing address — or there may be no mention of any specific information, and you are simply asked to click on a link.
How to spot (and avoid) this Wells Fargo phishing email:
- Check out Wells Fargo’s security alerts. To validate these types of emails, see what security alerts you've signed up for. Wells Fargo also offers tips on its website, such as, "What does phishing look like?" [*].
- Use the website or app to review your contact information. When in doubt, log in directly to the Wells Fargo mobile app (or at WellsFargo.com) to check your account details.
- Verify the sender’s address. Scammers often use email addresses that look official at first glance. Upon further inspection, you’ll often see that they’re using look-alike domains — such as "WellsFargo-com" in the example above.
💡 Related: What Information Do Cybercriminals Steal? (How To Protect Yours) →
3. Confirm or dispute fraudulent purchases
Fraudsters may try to get your attention by alerting you to purchases or transfers that you never made. This will make you think you've been scammed — when in reality, the email itself is a scam!
How to spot (and avoid) this Wells Fargo phishing email:
- Never send money to fight fraud. In a Zelle version of this scam [*], fraudsters request that victims send money between accounts to defend against the alleged fraud. If sent, however, the transfer will go directly to the scammer. No fraud defense includes sending or transferring money. This type of request always signals a scam and should never be followed.
- Carefully review recent purchases on your Wells Fargo account. In the case of real fraud, you do need to act quickly — but not at the cost of caution. If you want to find out more about an alleged transaction, take a few minutes and log in to your account or call Wells Fargo directly.
- Make sure your name and account information are mentioned. Scams like these are often light on specifics. While the above scam does provide information about the alleged purchase, it does not provide any account details. This is a red flag.
💡 Related: What Is Credit Card Fraud? How To Secure Your Cards →
4. Your contact details have been updated
Scammers use your fears of being hacked against you. In this scam, they lead you to believe your contact information has been changed without your authorization. Everything in the email looks legitimate, including the address and phone number. The danger comes from one of the links — the call to action, which contains malware.
How to spot (and avoid) this Wells Fargo phishing email:
- Double-check the contact information provided. Before calling the listed phone numbers or replying to any emails, do a google search of the contact information and make sure it's legitimate.
- Call Wells Fargo directly. Contact Wells Fargo by using the phone number on the back of your access card, and ask about the email. They should have some record of the alleged account updates.
- Take the necessary steps to shut down identity theft. If you learn that you’re dealing with a real identity theft threat, take action immediately. This may include shutting down fraudulent accounts, updating your contact information, revising your login information, and freezing your credit.
💡 Related: What To Do If a Scammer Has Your Social Security Number →
5. Fake Wells Fargo surveys and giveaways
Wells Fargo and the other banks occasionally run surveys and giveaways, which scammers spoof to fool customers. Fraudsters hope you respond and fill out the required information, such as your name and address, and may even ask for your account number or credit number for processing fees should you win.
How to spot (and avoid) this Wells Fargo phishing email:
- Consider how realistic the offer is. Scams like these are usually too good to be true. You may have won a contest that you never entered, or are offered great rewards for very little risk.
- Watch out for a lack of personalization. While fraudsters can buy personal information on the Dark Web for as little as $5 [*], scam emails often lack personalization. In this example, "valued customer" indicates the scammers don't have your name (or didn't want to spend the time and money to input your name).
- Verify that Wells Fargo is conducting a survey. Visit the Wells Fargo website or give them a call and ask if they're actually running this type of promotion. That should help clear up any confusion.
💡 Related: How To Identify a Fake Walmart Email (And Other Walmart Scams) →
6. Email about a Wells Fargo inquiry or application
This scam leads you to believe that someone has created an inquiry or account application in your name. The scammers want you to believe the inquiry is being processed so that you will either dispute it or investigate the matter further. They just hope you do so by clicking on the link or providing them with information directly.
How to spot (and avoid) this Wells Fargo phishing email:
- Look closely at the formatting. Wells Fargo emails usually follow a similar format, regardless of the content. Take note of odd or threatening language, such as in the above example. You should also look closely to ensure that the characters are as they appear (i.e., not a capital “i” instead of a lowercase “L”). You can do this by copying and pasting the letters into a word processor and changing the font.
- Look out for urgent requests. Scams often elicit urgency to push victims into making bad decisions. Typically, banks won't give you time limits to respond. They will try a different contact method.
- Check for a data breach. These phishing scams may include personal information, such as your credit card number or email address. Rather than assume an email is legitimate, check to see if your information was leaked in a data breach. Identity Guard offers a free privacy checkup which scans breaches for your email address.
⚡️ Get alerted fast if your data has been leaked or compromised. Identity Guard monitors your most sensitive personal information across the Dark Web, recent data breaches, public records, and more to alert you if your data is being fraudulently used. Try Identity Guard today.
Did You Open or Click on a Link in a Phishing Email? Do This!
If you opened a phishing email that purported to come from Wells Fargo, you need to act quickly to limit the damage to your bank account and identity.
Here’s what to do to keep your account and identity safe:
- Review your accounts. Log in to your online banking account, and look for any new or unauthorized activity. Make note of anything unusual so that you can flag it with your bank. You may need to close vulnerable accounts and cards, and get new ones.
- Report the scam to the Wells Fargo fraud department. Wells Fargo offers different reporting channels depending on your situation. Call 866-867-5568 if you clicked on a link or opened an attachment. Call 800-869-3557 if you’ve shared personal information. Even if you didn't fall for the scam, you should still send a copy of the email to reportphish@wellsfargo.com.
- File a complaint with the Federal Trade Commission (FTC). If you suspect you've been victimized by fraud, file a complaint with the FTC at ReportFraud.ftc.gov. If you think your identity is at risk, file a complaint at IdentityTheft.gov. Both of these channels will submit your information to law enforcement and help you with next steps. Identitytheft.gov will even provide you with sample letters to give to your bank.
- Secure your accounts. Log in to your online bank account, update the passwords, and enable multi-factor authentication (MFA). You might also sign up for Wells Fargo's security alerts to notify you of suspicious account activity [*]. You should strengthen the security measures on all of your online accounts, as well.
- Secure your devices. Perform an antivirus scan to clean up any malware on your computer, including ransomware, spyware, and remote access software.
- Safeguard your identity. For extra protection, consider Identity Guard's identity theft solution, which provides fraud and credit monitoring alerts to keep you safe.
- Freeze your credit with all three bureaus. A credit freeze makes your credit inaccessible to anyone (including you) until you lift it. You need to place a freeze with each of three major credit bureaus individually — Experian, Equifax, and TransUnion.
- Inform the Anti-Phishing Working Group. You can send a copy of a phishing scam email to the APWG at reportphishing@apwg.org. The APWG will analyze the email and investigate in order to help stop and prevent criminal activity.
💡 Related: What To Do If a Scammer Has Your Email Address →
How To Protect Your Wells Fargo Account From Scammers
The threat of Wells Fargo phishing emails isn't going away any time soon. In fact, these types of scams and scammers are only getting more sophisticated and daring.
You can keep your accounts safe online by adhering to the following best practices:
- Slow down and look for warning signs of a phishing scam.
- Don't respond to emails, messages, or calls that you can't confidently identify.
- Create secure and unique passwords for all of your online accounts.
- Enable two-factor authentication (2FA) on your accounts for added security.
- Never give out passwords, PINs, or 2FA/MFA codes — legitimate bank employees will never ask for these.
- Don’t click on links in suspicious emails (instead, open a new window and log in to Wells Fargo online).
- Keep your apps, operating system, and cybersecurity tools updated to avoid hacking.
- Regularly monitor your bank accounts for suspicious activity and signs of fraud.
- Set up Wells Fargo security alerts to inform you of fraud.
With the proper time and care, you can keep your bank accounts safe on your own — but you don't have to do it alone.
Identity Guard offers three-bureau credit, transaction, and bank account monitoring, plus award-winning identity theft protection, Safe Browsing tools, and $1 million in insurance for eligible losses due to identity theft for every adult on your plan.