Wells Fargo Text Message Scam

what it is and how it works

What the Wells Fargo Text message scam looks like

So there you are, minding your own business and you get a text message from a number you don’t recognize claiming to be Wells Fargo. The text of the message probably reads something like this:

Important message from Wells Fargo: Please update your personal information to avoid account locking.

In my case the text came from 1-(304) 519-1229. Ironically, since I grew up in West Virginia, I immediately recognized the 304 area code as a WV prefix.

The text comes with a link attached that you’re supposed to click so you can go to the page that will allow you to update your personal info and avoid your account being locked. The whole message, as I received it looked like this on my iPhone.

Content of the scammers text message.

Since I work from a Mac and have the Messaging app installed I can hover over the link and see where it will take me if I click on it. If you did click on it you’d go to a page at this URL, h**p://online-wells.txt-5208.com.

NOTE: I used * instead of ‘t’ in the URL so no one would inadvertently click or copy the scammers destination page.

How to spot a scam

So without visiting the link, how did I know this was a scam?

Fits the phishing profile

Being a modern web developer keeps me in the loop about malicious attacks. Keeping my clients personal info safe is priority number one. This is one significant reason I host all my sites on a VPS (Virtual Private Server).

This scam is a classic “phishing scam” where the scammer baits you with a warning that if it were real, would command you’re immediate attention. The unsuspecting user clicks on the link and is taken to an official looking page. In this case it would resemble a Wells Fargo page that looks like this.

Wells Fargo scammer screen.
DON’T EVER ENTER INFORMATION INTO A FORM LIKE THIS!
*NOTE: Don’t ever visit one of these pages! I’m showing you now so you won’t have to. I have an intimate understanding of how JavaScript loads in a browser and how to protect myself from malicious attacks. DO NOT DO THIS ON YOUR COMPUTER OR PHONE!

This is the point that they get you to enter personal information into a form. If you submit that form you’ll have given them the information they need to access you bank account.

If you’re suspect of the form they might try to get you to click other links on the page that could place tracking cookies, key stroke loggers, or other malicious code into your web browser or onto your computer.

The phone number

I went back through all my text messages stored on my computer to find an official one from Wells Fargo. Since I’ve been using the Mac Messaging app I’ve received a total of 0 messages from Wells Fargo.

That’s enough right there to know that this text is a scam.

But you might be enrolled in text alerts with your bank. If you are, you will know it because you will have gone through a deliberate process to do so. Maybe you did it a while ago and forgot. If so, here’s what an official text from an enrollment service will look like.

What an official text message looks like.

I use my AMEX card for all major purchases because their fraud detection department is on point. Not only do they catch nefarious behavior early, they will take care of disputed charges no questions asked.

I received the alert above after a major purchase from an online retailer, otherwise known as a ‘card not present transaction’.

A couple other things to note is that official messages like this don’t come from a regular 10 digit phone number. They also never ask you to click a link to another page and most will give you the option to opt out, meaning that you have at some point elected to opt in.

The attachment link

You won’t be able to mouse hover over the attachment link on your phone, revealing the scammers destination page URL. If you accidentally click the link it’ll open up a web page in your default web browser app. At this point you should be able to see the URL.

The official Wells Fargo site is www.wellsfargo.com.  The scammers are using h**p://online-wells.txt-5208.com.

Official domain = wellsfargo

Scammers Domain = online-wells.txt-5208

Wells Fargo encrypts ALL of their web pages with an SSL certificate. You can tell because the web address starts with https not http. If the certificate has been verified the https will appear green, just like the one at the top of this page.

I’ll say it again, online security is number one. All my personal and business sites are encrypted with verified certificates. I encourage all my clients to do the same and will eventually require them to if they want to do business with me. If they don’t want to pay then I usually add a free cert to their site which gives them a grey https at the front of the URL.

What to do if you get a message like this

The best thing to do is simply delete it. If you have the time and desire you can report the scam to the agency that’s being spoofed. In this case, Wells Fargo. The link to report it is here.

Or, if you’re like me, and feeling a little cheeky…

How to respond to a Wells Fargo text scammer.

Let em know how your really feel.

Until next time,