MailGuard has intercepted a phishing email impersonating Wells Fargo, designed to steal banking credentials, email login details, and sensitive personal information. The email claims that cheques deposited into the recipient’s Wells Fargo account have been flagged because of an unusually large deposit that exceeds the account limit. It urges the recipient to review documents via a link labelled “View Check Deposit & Resolve Here.”
The email purports to come from “Wells Fargo” and uses the sending address wellsfargo.doucments@achipu.com. The misspelling of “documents” in the sender address is an immediate warning sign.
Once the recipient clicks the link, they are taken to a phishing site designed to imitate a Wells Fargo online banking login page. The first page asks for a username and password.
The scam then progresses through several additional stages, each designed to collect more sensitive information. After the first login screen, the recipient is asked to enter a six-digit SMS code. This is intended to capture multi-factor authentication details and may allow cybercriminals to attempt account access in real time.
Example phishing content shown using Wells Fargo branding. Not affiliated with Wells Fargo.
The next page asks the victim to update their email address by entering an email address and email password. This is particularly concerning because access to an email account can allow cybercriminals to reset passwords, monitor communications, and attempt further fraud.
The scam then asks for the victim’s name and address.
This is followed by a request for additional verification details, including SSN or ITIN and date of birth.
The victim is then asked for their mother’s maiden name and driver’s licence number.
The final page displays a “Verification Completed” message, giving the victim the impression that their details have been successfully updated.
This multi-step process is designed to appear legitimate and procedural. Rather than asking for all information at once, the scam imitates a staged verification workflow that may seem familiar to online banking users.
Financial services phishing scams are especially dangerous because they often combine urgency, account security language, and brand familiarity. In this case, the attackers are not only attempting to steal banking credentials, but also information that could be used for identity theft, account takeover, and further fraud.
There are several warning signs in this phishing campaign:
The sender address does not belong to Wells Fargo.
The word “documents” is misspelled in the email address.
The email is not addressed to the recipient by name.
The message creates urgency by claiming the account has been flagged.
The link directs users to a domain unrelated to Wells Fargo.
The phishing site asks for banking, email, SMS, identity, and licence details.
The scam requests information that a legitimate bank should not require through an unsolicited email link.
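Three of these signs (the sender domain, the misspelled word in the address, and the off-brand link) can be checked mechanically at the mail gateway or during triage. The Python sketch below is an added example, not MailGuard's detection logic; the allow-listed domain, the word list and the link URL are assumptions or constructed values, while the sender address is the one reported above.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the brand's legitimate domain list; only wellsfargo.com is used for illustration.
BRAND = "wells fargo"
BRAND_DOMAINS = {"wellsfargo.com"}
# Constructed list of words a lookalike sender address is likely to imitate.
EXPECTED_WORDS = {"documents", "security", "support", "alerts"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def on_brand_domain(host):
    """True if host is a brand domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def warning_signs(from_header, link_urls):
    """Return the warning signs from the list above that can be checked mechanically."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    claims_brand = BRAND in display.lower() or BRAND.replace(" ", "") in local
    findings = []
    if claims_brand and not on_brand_domain(domain):
        findings.append("sender_domain_not_brand")
    for token in re.split(r"[._+-]", local):
        # A near miss of an expected word (distance 1 or 2) points to a misspelling.
        if len(token) >= 6 and any(0 < edit_distance(token, w) <= 2 for w in EXPECTED_WORDS):
            findings.append("misspelled_token:" + token)
    for url in link_urls:
        host = urlparse(url).hostname
        if claims_brand and not on_brand_domain(host):
            findings.append("link_off_brand:" + (host or ""))
    return findings

if __name__ == "__main__":
    # Sender address is the one reported above; the link URL is a constructed placeholder.
    print(warning_signs('"Wells Fargo" <wellsfargo.doucments@achipu.com>',
                        ["https://deposit-review.example/login"]))
```

A hit on any one of these checks is a reason to quarantine the message for review, since none of them depends on the content of the landing page.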
Stay Safe, Know the Signs
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist AI-powered, zero-day email security. Special Ops for when speed matters! Our real-time, zero-day email threat detection amplifies our clients’ intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.