Wells Fargo "Customer Alert" Phishing Text Messages

Wells Fargo Customer Alert Phishing Text Messages

Cybercriminals are sending out fake text messages disguised as "Customer Alert" to Wells Fargo's customers with links to phishing websites. The phishing websites look exactly like Wells Fargo's website and will ask visitors to sign in with their online account credentials. But, any attempts to sign into the fake website by Well Fargo's customers, will result in their account credentials being sent to the cybercriminals behind the scam.

Here are some of the fake Wells Fargo websites that were embedded in the fake text messages that we have received:

  • hxxp://www.wellsfargorestore4237.net
  • hxxp://www.WellsFargoRestore.com
  • hxxp://www.wellsfargorestore4237.net

The fake websites should not be visited.

Once the cybercriminals have received their potential victims' Well Fargo online account credentials, they will use it to gain access to their accounts, steal their money and use the accounts fraudulently.

This is why it is important that Wells Fargo customers never click on or follow a link to sign into their online accounts. They should always go directly to https://www.wellsfargo.com/ and sign-in from their instead. This will protect them against phishing scams. Also, Wells Fargo's customers can protect their accounts using Two Step Authentication / Verification or Two Factor Authentication. This process creates an additional layer of security that helps protect their information and prevent unauthorized transactions. Click here to learn more.

Well Fargo customers who have been tricked by the fake text messages, are asked to contact Wells Fargo immediately for help.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search Search engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.
Was this article helpful?  +
  • YesLike (0)
  •       
  • NoDislike (0)   
Share this with others:
Facebook
WhatsApp
Twitter
Reddit
Pinterest
Line Me
Save
Donate

Comments, Questions, Answers, or Reviews

Comments (Total: 61)

To protect your privacy, please remove sensitive or identifiable information from your comments, questions, or reviews. We will use your IP address to display your approximate location to other users when you make a post. That location is not enough to find you.

Your post will be set as anonymous because you are not signed in. An anonymous post cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

  • May 23, 2020 at 1:39 PM by an anonymous user from: El Dorado Hills, California, United States

    "hxxp://wffalert1.com New Critical notification"

    Received link via text.

  • April 22, 2020 at 12:32 PM by info

    "I received a text from 1-410-200-500 states:

    frm:wellsfargo-card-suspended-xhoizkbdul

    sub:alert for phone NO: (my phone number)

    MSG:REF. ID XHOIZKBDUL. To restore go to: hxxp://nmdtsd.com?YM=N5717Z4P9QD

    I screen shot it and sent it to Wells Fargo for verification"

    Received via email.

  • April 7, 2020 at 1:25 PM by an anonymous user from: Minneapolis, Minnesota, United States

    rec'd fake text from wellsy.updateg@ikgh.us.com

  • March 18, 2020 at 10:22 PM by an anonymous user from: Corpus Christi, Texas, United States

    I received a "fake" WF account update link via Text on my personal cell which was very upsetting. I did not click the link but called WF immediately to check validity. Of course they sent no such texts and I was told to send them a screenshot at reportphishing@wellsfargo, which then was returned instantly because the system thought it was a "phishing" email. -sigh-

  • November 21, 2019 at 9:14 PM by an anonymous user from: Norfolk, Virginia, United States

    I have received two "emails" that show up as text messages to my cell phone and I do not have an account at Wells Fargo as far as I know and the only one that we did have at one time was a line of credit and it was paid off and and the line was closed. I do not know if anyone else has received these two text messages on the same day or not, they are as follows: agwf.ericsmithtransaction@ve (the rest of the email address is cut off could be verizon?) with the message of: (CustomerBankWells)-hxxp://bit.ly2D6Byae which I have no idea what it is for but have not opened it because I don't know if it will install Malware or let a scammer get access to my phone.

    The second one is as follows: blockedtransactionwf.fotech99343 message as follows: (WellsBank) http://notification.update.account.suspended929.xn-ihq441h.hk

    Once again I did not click on the link as for the same reason above; Malware or scammer?

    I have reported this to the FTC as well I will have to check with a local Wells Fargo to see if they know anything about this too. Just wanted to put it out there.

  • November 21, 2019 at 7:10 PM by an anonymous user from: Los Angeles, California, United States

    Received Message:

    FRM:Wells Fargo Banking

    SUBJ:ATM/Debit Card alerts

    MSG:Urgently verify the identity of the card

    Please verify: hxxp://account-banking-wells.ml

  • November 17, 2019 at 6:41 PM by an anonymous user from: Canoga Park, California, United States

    Received the following as a text message just now...

    (Alert from WellsBank) Verify identity to avoind suspending hxxp://accesswfonlinewfrbank.xyz/ logdetails/login

  • July 10, 2019 at 3:11 PM by an anonymous user from: Sunnyvale, California, United States

    Today I got a pfish from a 410 area code to my cell phone in California. Consequently it was a phone number that Wells Fargo never had because the account was only in my husband's account which was switched to another bank provider late last year. Hope this pfishing stuff can be totally stopped.

  • June 21, 2019 at 12:51 PM by an anonymous user from: Chico, California, United States

    I just received a text message from Wells Fargo saying my credit card has been stopped. I am not a customer of Wells Fargo and have absolutely no business with your bank.

    Anyone using my identity to use your banking services has committed fraud

    My name is John Wencil Gully and I have never been a customer

    Please have your security contact my email about any account with your bank

    My credit report shows none

    Sincerely J

  • June 20, 2019 at 11:31 AM by info

    Received this just now. I don’t have any Wells Fargo accounts.

    "FRM:WELLS FARGO . Call 877-226-1148 NOW

    MSG:4417 Debit Card Alert"

  • June 19, 2019 at 8:43 AM by an anonymous user from: Rochester, Minnesota, United States

    Received a text from 1 (410) 100-1005.

    FRM:WELLS FARGO .

    Call 877-226-1148 NOW

    MSG:4417 Debit Card Alert

    I don't bank with Wells Fargo.

  • June 4, 2019 at 10:31 AM by an anonymous user from: Norfolk, Virginia, United States

    Scammer need to get a life

  • May 26, 2019 at 8:31 AM by an anonymous user from: Atlanta, Georgia, United States

    We got this email:

    "wellsfargo.com

    You successfully made a payment

    You recently submitted the following payment:

    To Account: Wells Fargo XXXXXXXXXXXX0001

    From Account: BANK OF AMERICA NA XXXXXXXX3128

    Payment Amount: $1850.00

    Your payment will be effective as of 27/05/2019.

    If you do not make this payment,you can reach us to update/secure your account by clicking on secure account Wells Fargo Education Financial Services Customers, will guild and protect your account.

    Sincerely,

    Wells Fargo Online Customer Service

    wellsfargo.com | Fraud Information Center

    Please do not reply to this email directly. To ensure a prompt and secure response, click on secure account.

    2ce7f0a3-0364-44f9-b153-dc1063651521

    It was sent from: <wells.fargo.notify.alerts@t-online.de>

    Any comments or suggestions?

    • May 26, 2019 at 10:56 AM by info

      It is fake.

  • April 8, 2019 at 4:25 PM by an anonymous user from: Elmhurst, Illinois, United States

    I'm also seeing the wfagent (female name messages). How did they get our information?

  • April 7, 2019 at 8:10 PM by an anonymous user from: Fair Oaks, California, United States

    Receiving text messages from wfagent(female names only so far) with instructions. First message did reference Wells Fargo. There is an account, but I don't use it.

    I spent the last 2-3 days getting annoying phone calls that I was told by phone provider I should just delete.

    Blocking seemed to just cause another number to call, usually from a different area code.

    • April 8, 2019 at 4:28 PM by an anonymous user from: Elmhurst, Illinois, United States

      I'm also seeing wfagent with link and instructions for overdraft protection. This is from female names and the sequinlumbercompany.com address.

  • April 3, 2019 at 12:18 PM by an anonymous user from: Nashville, Tennessee, United States

    I just received text from 1(410) 100-001:

    "FRM:wellsfargo service

    MSG: We've temporarily blocked your account for security reason. To restore please visit fshuvhx.com."

    I blocked it and interestingly enough I don't have a wells Fargo account.

    • April 3, 2019 at 1:31 PM by an anonymous user from: Seattle, Washington, United States

      I JUST received one that says "We've temporarily suspended your account for suspicious activity. to restore please visit bfejaao.com."

      From the same number you listed

  • March 29, 2019 at 1:01 PM by info

    Received via email:

    "I just wanted to let you know about the text messages I have been receiving that seem suspicious, I have received 2 in the last 2 days.

    This is the first one

    Text is from:

    wfagent.alisonmonroe@ramapovalleyanimalhospital.com

    Body of Text:

    (Account Locked) Update46ProtectionWellsFago - hxxp://requestdevice.register.activity31.mgpanel.cl

    This is second one:

    Text comes from:

    hxxp://wfagent.adalynncosta@guerrerosalmundialderppymegaplaza.com

    Body of text:

    (Account Locked) CustomerBankWellsSuspiciousTransaction452- hxxp://txtrequest.register425new.device.garoblogz.com"

  • February 6, 2019 at 1:42 PM by an anonymous user from: Long Beach, Washington, United States

    I received a message that my account was closed due to scam. Was asked to text to ogilpiwg.com and the number calling was 41000002. I called wells fargo and they asked me to forward the message. I had already blocked it so do not know how to forward.

  • January 29, 2019 at 7:42 PM by an anonymous user from: Columbus, Georgia, United States

    Fake text message from:

    http://unauthorizedmoneytransactions 304tk34gwe4uf9we8svdfvse9fwbgrew8w.xyz/

  • November 26, 2018 at 5:12 PM by an anonymous user from: Canby, Oregon, United States

    I just got one today from: wellsafargo991638@ypf.org

    This looks fake too.

    the user name was devinefoauth.ga ***

    Just FYI.

  • November 23, 2018 at 6:33 PM by an anonymous user from: Boise, Idaho, United States

    Received text "Blocked Card from Wells Fargo" with pink but I do t even bank at Wells Fargo! Came from 49495910@jpci.com.

    Looks like a scam!

  • November 21, 2018 at 4:38 PM by an anonymous user from: New York, United States

    Received text from wellszfargo792718 @ gfi.com. Advised "Account_currently locked!" and prompted authenticate my device at www.newupdatedevuser.ga.

    Needless to say, I did not click or respond.

  • November 15, 2018 at 9:13 PM by an anonymous user from: Atlanta, Georgia, United States

    My message was "Alert WF Card Limited. www.deniedwforderga.com"

    Heavily Suspect!

  • September 10, 2018 at 9:31 AM by an anonymous user from: Redmond, Washington, United States

    They are using this website:

    "www.wa-wfb-urgent-matter-security.services/auth/"

    • September 27, 2018 at 2:02 PM by an anonymous user from: Winter Park, Florida, United States

      and this one "www.authusernew.ml/LVae6"

  • September 7, 2018 at 2:45 PM by an anonymous user from: Apopka, Florida, United States

    Received this text today...FYI

    "FRM:acc-834@AE.com

    SUBJ:WELLSFARGO BANK NOTIFICATION

    MSG:We have detected unauthorized login attempts!To avoid suspension go to: hxxp://duawf.com/i"

  • August 16, 2018 at 2:54 PM by an anonymous user from: San Antonio, Texas, United States

    I keep getting text messages saying my visa debit card has been locked. I am asked to call 908-336-9399. Since I don't have a wells fargo account, it seems some one is using my cell number . What can I do?

    Robert

    • August 16, 2018 at 4:05 PM by info

      Report the text messages to your cellphone service provider.

  • June 19, 2018 at 1:13 PM by an anonymous user from: New York, United States

    I have received a text message wellsfargo.device.unlock.account.infonev.com. I checked on my profile through my account on the web and I do not even have receive text messages marked. BEWARE of this text. I would never open a text unless I check my actual sites first.

  • June 5, 2018 at 10:31 PM by info

    Received via email:

    "I received a text from 2-363-443-9349@ws.com

    k.l. myers exec vice president of wf.

    saying unauthorized ac4tivity on my account and wanting my id and password"

  • May 28, 2018 at 9:29 AM by an anonymous user from: Durham, North Carolina, United States

    Just got a text from ann.conder11@verizon.net

    "WF Account Suspended!"

    • May 29, 2018 at 12:29 PM by an anonymous user from: Raleigh, North Carolina, United States

      Me too - and then one from sam.schulz@verizon.net saying "WF Overdraft Protection LOCKED" with a link.

  • May 5, 2018 at 11:32 PM by an anonymous user from: San Francisco, California, United States

    I received a text message from agent.preston@verizon.net:

    "content of message:

    (Wells Fargo) - hxxps://bit.ly/2HZQ4Be - Check Back With Us - Attention Required

    I clicked the link but I didn't give any information on the site that it led me to.

    Spoke with Wells, they said they didn't send the text"

    Can my phone be compromised because I clicked the link?

    • May 9, 2018 at 5:20 PM by an anonymous user from: Detroit, Michigan, United States

      it absolutely could - keep a watch on your accounts and make sure nothing is being charged over the next few weeks/months that you didn't authorize. They could be able to see your passwords you're typing in.

    • May 5, 2018 at 11:45 PM by info

      No, not unless you download a malicious app or gave them your account credentials.

  • April 23, 2018 at 7:39 PM by an anonymous user from: Sunnyvale, California, United States

    Just got one text asking to update device from 707-368-3235 along with link due to ‘site maintenance “

  • April 17, 2018 at 5:51 PM by an anonymous user from: Apache Junction, Arizona, United States

    I don't even have Wells Fargo, here is what they sent

    "WELLSFARGO.FREEMSG MsgID-oVMFC2 Account temporily suspendedI Authenticate your device now hxxp://www.wellsfinfouer.ga/as7P/0000000000.mob"

    All the last zeros is where my phone number was I added 10 zeros instead.

  • April 15, 2018 at 1:09 PM by an anonymous user from: Aurora, Colorado, United States

    Got one today said:

    "WELLSFARGO Alert ID#xfOY7

    Security Alert! Authenticate your device now:

    www.wfargoauthupd.cf?OHaA/4805400139.mob"

  • April 13, 2018 at 1:28 PM by an anonymous user from: Des Moines, Washington, United States

    I don't have a Wells Fargo account but received this:

    "WELLSFARGO. Alert MsgID-CrJN Account currently suspended! Authenticate your device now: hxxp://www.devmobfwells.ga/ aqgp/5419990761.mob"

  • April 12, 2018 at 1:18 PM by an anonymous user from: La Crosse, Wisconsin, United States

    Me too 4/12/18

    Here’s the “message”:

    WellsFargo online suspended, unauthorized login attempts.

    unlock

    then a link.

    I went on my Wells Fargo page no Alert or notes.

  • April 6, 2018 at 6:22 PM by an anonymous user from: Grass Valley, California, United States

    I got this one today (April 6, 2018)

    Sent from: (936) 628-4753

    Here’s the “message”:

    WELLSFARGO. Update ID#RAZI Account temporarily locked! update your device:

    hxxp://www.fargowauthmob.tk/aIRx/5309069711.mob

  • April 5, 2018 at 6:33 AM by an anonymous user from: Sells, Arizona, United States

    I am not a Wells Fargo customer. the texts I have received are from (984)213-1975 and "alert-identify-customer".

  • March 12, 2018 at 10:27 AM by an anonymous user from: Sherman, Texas, United States

    We just got a text message scam stating that we need to provide information or we could not make any transactions. I clicked on the link and they asked for login information. After that, they wanted to know our name, social security number, card number, security code and expiration date.

    We changed our login information through the mobile app in addition to alerting Wells Fargo of the situation. Family members also got this text message but do not have a Wells Fargo account.

  • March 6, 2018 at 8:33 PM by info

    Here is another scam:

    "Fwd: WELLSFARGO. Alert ID#beyRwib Please update your device, to avoid account looked: www.wellsfarodeviceauth .gq/B8w8/2156696991.mob"

  • February 28, 2018 at 5:58 PM by an anonymous user from: Ventura, California, United States

    Received the following spam text message -

    "FRM:alert-identifycustomer-securewellsfarg0-MSG:|@Wells-Farg0|***ALERT!Your security matters to us!Go-to=>>>hxxp://secure.id-117519-upgrade.org"

    Definitely spam because I do not have any business with them. :) Weirdly, some online scanner tools mark this as a safe link. Here's some detail from one scan -

    Final URL:

    hxxp://aaawwwwwwwwwwwwww.xxxwwwwwwww.switchsolve.info/

    Serving IP address:

    209.85.200.121

  • February 21, 2018 at 5:03 PM by an anonymous user from: Orange, Texas, United States

    I received a text message on my cell at 4:07pm, saying to update my device. I did not respond. I called Terika at 1 800 TO WELLS, saying the tel.no texting me was not a Wells Fargo tel. no., informing me to contact this website. Do I delete that text message?

    • February 22, 2018 at 1:23 AM by info

      Post the text here and then you can delete it.

  • November 22, 2017 at 9:36 AM by an anonymous user from: Medina, New York, United States

    I received a text this morning at 9:30 am on my phone. I am not a customer of Wells Fargo. This is what it said:

    "124896433@info.gov ([Wells Fargo-]Your Debit Card was locked Contact@1-585-542-2304 Today!)" This was in New York near Rochester. Hope this helps..took me awhile to find out how to report this. Thank you.

  • November 10, 2017 at 11:50 AM by info

    Received via email:

    "I received the following text message from 201-762-8255. I suspected that it was fraudulent so I called a legitimate Wells Fargo number and spoke with Joe, who told me that everything was OK with my debit card. He then instructed me to report the fraudulent text message to this email address, reportphish@wellsfargo.com. The contents of the text message are enclosed within quotes as follows:

    'NOTlCE-8436012091 from WelIsFARGO Bank. Code: Visa-DEBlT Iocked. CaII us now at 201-762-8255 . Thank you'"

  • October 13, 2017 at 9:49 AM by an anonymous user from: Sunnyvale, California, United States

    New link associated with the scam: hxxp://wellsfargonotificationonline.net from 410 100-001.

  • October 10, 2017 at 11:36 AM by an anonymous user from: Atlanta, Georgia, United States

    This is one of the scammers' address. Sent them a bunch of bogus info:

    hxxp://avestransport.com /wp-includes/file/ wellsfargoadmin/puiu.html

  • October 5, 2017 at 10:48 AM by an anonymous user from: Jacksonville, Florida, United States

    This is my first text that looked 'fishy' - Not happy to get texts to my cell phone like this!

    "FRM:(*Wellsfargo New CIP Message*)

    MSG: Account Suspended.

    Read this ASAP:

    hxxp://customnewcipinformatin.net"

  • August 16, 2017 at 3:19 PM by an anonymous user from: Linglestown, Pennsylvania, United States

    I received a text message from([@wellsfargo-visacard] advising me my card was temporarily disabled by your security-dept! Directing me to this website. It had my correct mobile number.

    I do not have a wells Fargo credit card. What should I do?

    • August 16, 2017 at 3:32 PM by info

      Just delete the text.

  • July 15, 2017 at 11:21 PM by an anonymous user from: San Diego, California, United States

    We just received one from hxxp://www.wellsfargoprotect.com. After doing a google search there is no such official Wells Fargo site. Spam beware.

  • June 1, 2017 at 1:54 PM by info

    Send via email:-

    Received the following two phishing text yesterday:

    "Important message sent to (803) 917-12** by Wells-Fargo. Code: VISA DEBIT Card locked. Call support at: 203-456-9432. Thank You!"

    Thanks,

    Joe

    Wells-Fargo Business Customer

    • August 9, 2017 at 6:18 PM by an anonymous user from: Bedminster, New Jersey, United States

      I just got one that asked me to call a number saying my card was blocked. Strange phone number when I call, I'm immediately asked to enter my card number. I hung up.

    • June 26, 2017 at 2:39 PM by an anonymous user from: Millbrook, Alabama, United States

      Received a similar text but to call support at 201-371-1875. Looks like texts and voicemails are replacing email phishing attempts.

Comments Show More Comments (60)

Write Your Comment, Question, Answer, or Review

Wells Fargo "Customer Alert" Phishing Text Messages