Wells Fargo "Customer Alert" Phishing Text Messages

"hxxp://wffalert1.com New Critical notification"

Received link via text.

"I received a text from 1-410-200-500 states:

frm:wellsfargo-card-suspended-xhoizkbdul

sub:alert for phone NO: (my phone number)

MSG:REF. ID XHOIZKBDUL. To restore go to: hxxp://nmdtsd.com?YM=N5717Z4P9QD

I screen shot it and sent it to Wells Fargo for verification"

Received via email.

rec'd fake text from wellsy.updateg@ikgh.us.com

I received a "fake" WF account update link via Text on my personal cell which was very upsetting. I did not click the link but called WF immediately to check validity. Of course they sent no such texts and I was told to send them a screenshot at reportphishing@wellsfargo, which then was returned instantly because the system thought it was a "phishing" email. -sigh-

I have received two "emails" that show up as text messages to my cell phone and I do not have an account at Wells Fargo as far as I know and the only one that we did have at one time was a line of credit and it was paid off and and the line was closed. I do not know if anyone else has received these two text messages on the same day or not, they are as follows: agwf.ericsmithtransaction@ve (the rest of the email address is cut off could be verizon?) with the message of: (CustomerBankWells)-hxxp://bit.ly2D6Byae which I have no idea what it is for but have not opened it because I don't know if it will install Malware or let a scammer get access to my phone.

The second one is as follows: blockedtransactionwf.fotech99343 message as follows: (WellsBank) http://notification.update.account.suspended929.xn--ihq441h.hk

Once again I did not click on the link as for the same reason above; Malware or scammer?

I have reported this to the FTC as well I will have to check with a local Wells Fargo to see if they know anything about this too. Just wanted to put it out there.

Received Message:

FRM:Wells Fargo Banking

SUBJ:ATM/Debit Card alerts

MSG:Urgently verify the identity of the card

Please verify: hxxp://account-banking-wells.ml

Received the following as a text message just now...

(Alert from WellsBank) Verify identity to avoind suspending hxxp://accesswfonlinewfrbank.xyz/ logdetails/login

Today I got a pfish from a 410 area code to my cell phone in California. Consequently it was a phone number that Wells Fargo never had because the account was only in my husband's account which was switched to another bank provider late last year. Hope this pfishing stuff can be totally stopped.

I just received a text message from Wells Fargo saying my credit card has been stopped. I am not a customer of Wells Fargo and have absolutely no business with your bank.

Anyone using my identity to use your banking services has committed fraud

My name is John Wencil Gully and I have never been a customer

Please have your security contact my email about any account with your bank

My credit report shows none

Sincerely J

Received this just now. I don’t have any Wells Fargo accounts.

"FRM:WELLS FARGO . Call 877-226-1148 NOW

MSG:4417 Debit Card Alert"

Received a text from 1 (410) 100-1005.

FRM:WELLS FARGO .

Call 877-226-1148 NOW

MSG:4417 Debit Card Alert

I don't bank with Wells Fargo.

Scammer need to get a life

We got this email:

"wellsfargo.com

You successfully made a payment

You recently submitted the following payment:

To Account: Wells Fargo XXXXXXXXXXXX0001

From Account: BANK OF AMERICA NA XXXXXXXX3128

Payment Amount: $1850.00

Your payment will be effective as of 27/05/2019.

If you do not make this payment,you can reach us to update/secure your account by clicking on secure account Wells Fargo Education Financial Services Customers, will guild and protect your account.

Sincerely,

Wells Fargo Online Customer Service

wellsfargo.com | Fraud Information Center

Please do not reply to this email directly. To ensure a prompt and secure response, click on secure account.

2ce7f0a3-0364-44f9-b153-dc1063651521

It was sent from: <wells.fargo.notify.alerts@t-online.de>

Any comments or suggestions?

I'm also seeing the wfagent (female name messages). How did they get our information?

Receiving text messages from wfagent(female names only so far) with instructions. First message did reference Wells Fargo. There is an account, but I don't use it.

I spent the last 2-3 days getting annoying phone calls that I was told by phone provider I should just delete.

Blocking seemed to just cause another number to call, usually from a different area code.

I just received text from 1(410) 100-001:

"FRM:wellsfargo service

MSG: We've temporarily blocked your account for security reason. To restore please visit fshuvhx.com."

I blocked it and interestingly enough I don't have a wells Fargo account.

Received via email:

"I just wanted to let you know about the text messages I have been receiving that seem suspicious, I have received 2 in the last 2 days.

This is the first one

Text is from:

wfagent.alisonmonroe@ramapovalleyanimalhospital.com

Body of Text:

(Account Locked) Update46ProtectionWellsFago - hxxp://requestdevice.register.activity31.mgpanel.cl

This is second one:

Text comes from:

hxxp://wfagent.adalynncosta@guerrerosalmundialderppymegaplaza.com

Body of text:

(Account Locked) CustomerBankWellsSuspiciousTransaction452- hxxp://txtrequest.register425new.device.garoblogz.com"

I received a message that my account was closed due to scam. Was asked to text to ogilpiwg.com and the number calling was 41000002. I called wells fargo and they asked me to forward the message. I had already blocked it so do not know how to forward.

Fake text message from:

http://unauthorizedmoneytransactions 304tk34gwe4uf9we8svdfvse9fwbgrew8w.xyz/

I just got one today from: wellsafargo991638@ypf.org

This looks fake too.

the user name was devinefoauth.ga **************

Just FYI.

Received text "Blocked Card from Wells Fargo" with pink but I do t even bank at Wells Fargo! Came from 49495910@jpci.com.

Looks like a scam!

Received text from wellszfargo792718 @ gfi.com. Advised "Account_currently locked!" and prompted authenticate my device at www.newupdatedevuser.ga.

Needless to say, I did not click or respond.

My message was "Alert WF Card Limited. www.deniedwforderga.com"

Heavily Suspect!

They are using this website:

"www.wa-wfb-urgent-matter-security.services/auth/"

Received this text today...FYI

"FRM:acc-834@AE.com

SUBJ:WELLSFARGO BANK NOTIFICATION

MSG:We have detected unauthorized login attempts!To avoid suspension go to: hxxp://duawf.com/i"

I keep getting text messages saying my visa debit card has been locked. I am asked to call 908-336-9399. Since I don't have a wells fargo account, it seems some one is using my cell number . What can I do?

Robert

I have received a text message wellsfargo.device.unlock.account.infonev.com. I checked on my profile through my account on the web and I do not even have receive text messages marked. BEWARE of this text. I would never open a text unless I check my actual sites first.

Received via email:

"I received a text from 2-363-443-9349@ws.com

k.l. myers exec vice president of wf.

saying unauthorized ac4tivity on my account and wanting my id and password"

Just got a text from ann.conder11@verizon.net

"WF Account Suspended!!"

I received a text message from agent.preston@verizon.net:

"content of message:

(Wells Fargo) - hxxps://bit.ly/2HZQ4Be - Check Back With Us - Attention Required

I clicked the link but I didn't give any information on the site that it led me to.

Spoke with Wells, they said they didn't send the text"

Can my phone be compromised because I clicked the link?

Just got one text asking to update device from 707-368-3235 along with link due to ‘site maintenance “

I don't even have Wells Fargo, here is what they sent

"WELLSFARGO.FREEMSG MsgID-oVMFC2 Account temporily suspendedI Authenticate your device now hxxp://www.wellsfinfouer.ga/as7P/0000000000.mob"

All the last zeros is where my phone number was I added 10 zeros instead.

Got one today said:

"WELLSFARGO Alert ID#xfOY7

Security Alert! Authenticate your device now:

www.wfargoauthupd.cf?OHaA/4805400139.mob"

I don't have a Wells Fargo account but received this:

"WELLSFARGO. Alert MsgID-CrJN Account currently suspended! Authenticate your device now: hxxp://www.devmobfwells.ga/ aqgp/5419990761.mob"

Me too 4/12/18

Here’s the “message”:

WellsFargo online suspended, unauthorized login attempts.

unlock

then a link.

I went on my Wells Fargo page no Alert or notes.

I got this one today (April 6, 2018)

Sent from: (936) 628-4753

Here’s the “message”:

WELLSFARGO. Update ID#RAZI Account temporarily locked! update your device:

hxxp://www.fargowauthmob.tk/aIRx/5309069711.mob

I am not a Wells Fargo customer. the texts I have received are from (984)213-1975 and "alert-identify-customer".

We just got a text message scam stating that we need to provide information or we could not make any transactions. I clicked on the link and they asked for login information. After that, they wanted to know our name, social security number, card number, security code and expiration date.

We changed our login information through the mobile app in addition to alerting Wells Fargo of the situation. Family members also got this text message but do not have a Wells Fargo account.

Here is another scam:

"Fwd: WELLSFARGO. Alert ID#beyRwib Please update your device, to avoid account looked: www.wellsfarodeviceauth .gq/B8w8/2156696991.mob"

Received the following spam text message -

"FRM:alert-identifycustomer-securewellsfarg0-MSG:|@Wells-Farg0|***ALERT!Your security matters to us!Go-to=>>>hxxp://secure.id-117519-upgrade.org"

Definitely spam because I do not have any business with them. :) Weirdly, some online scanner tools mark this as a safe link. Here's some detail from one scan -

Final URL:

hxxp://aaawwwwwwwwwwwwww.xxxwwwwwwww.switchsolve.info/

Serving IP address:

209.85.200.121

I received a text message on my cell at 4:07pm, saying to update my device. I did not respond. I called Terika at 1 800 TO WELLS, saying the tel.no texting me was not a Wells Fargo tel. no., informing me to contact this website. Do I delete that text message?

I received a text this morning at 9:30 am on my phone. I am not a customer of Wells Fargo. This is what it said:

"124896433@info.gov ([Wells Fargo-]Your Debit Card was locked Contact@1-585-542-2304 Today!)" This was in New York near Rochester. Hope this helps..took me awhile to find out how to report this. Thank you.

Received via email:

"I received the following text message from 201-762-8255. I suspected that it was fraudulent so I called a legitimate Wells Fargo number and spoke with Joe, who told me that everything was OK with my debit card. He then instructed me to report the fraudulent text message to this email address, reportphish@wellsfargo.com. The contents of the text message are enclosed within quotes as follows:

'NOTlCE-8436012091 from WelIsFARGO Bank. Code: Visa-DEBlT Iocked. CaII us now at 201-762-8255 . Thank you'"

New link associated with the scam: hxxp://wellsfargonotificationonline.net from 410 100-001.

This is one of the scammers' address. Sent them a bunch of bogus info:

hxxp://avestransport.com /wp-includes/file/ wellsfargoadmin/puiu.html

This is my first text that looked 'fishy' -- Not happy to get texts to my cell phone like this!

"FRM:(*Wellsfargo New CIP Message*)

MSG: Account Suspended.

Read this ASAP:

hxxp://customnewcipinformatin.net"

I received a text message from([@wellsfargo-visacard] advising me my card was temporarily disabled by your security-dept! Directing me to this website. It had my correct mobile number.

I do not have a wells Fargo credit card. What should I do?

We just received one from hxxp://www.wellsfargoprotect.com. After doing a google search there is no such official Wells Fargo site. Spam beware.

Send via email:-

Received the following two phishing text yesterday:

"Important message sent to (803) 917-12** by Wells-Fargo. Code: VISA DEBIT Card locked. Call support at: 203-456-9432. Thank You!"

Thanks,

Joe

Wells-Fargo Business Customer