Wells Fargo is the world’s fourth-largest bank by market capitalization and the fourth-largest bank in the US. It has 258,700 employees in 7,400 locations across 31 countries. Wells Fargo is also ranked No. 20 on Fortune’s 2020 ranking of America’s largest corporations.
It is to be expected that cybercriminals target Wells Fargo, as bank customers are among the most appealing targets for these threats. Obtaining banking credentials would allow cybercriminals not only to perpetrate identity theft but also to steal money from the victims’ bank accounts.
A cybersecurity firm discovered the attack. According to the firm’s investigation, the attack starts with a fake email that impersonates the Wells Fargo Security Team and informs recipients that the security team has sent them a new security key to protect their account. According to the firm, this phishing email has successfully reached 20,000 inboxes.
The email pressures the user to act on the instruction, claiming that failing to do so will result in account suspension.
Once the victim takes the bait, they are redirected to a malicious domain that looks similar to the bank’s legitimate login page, where a form asks them to enter account details such as usernames, passwords, PINs and account numbers.
The phishing email also includes a .ics file, a format mainly used by calendar applications to store scheduling information. When an unsuspecting victim follows the instructions to open the attachment and arrives at the phishing page, their data is automatically forwarded to the cybercriminals’ servers.
Moreover, the hidden payload in this attack is the .ics (calendar invite) file, which is usually thought to be benign. Because the message instructs recipients to open the file on their mobile devices, the attackers are attempting to exploit a specific setting in which the event is added to the victim’s calendar. Most of these programs then send an automatic notification to the user, and the attackers hope that the potential victim will click on the event and follow the malicious link.
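A mail gateway or triage script can inspect the calendar attachment itself rather than only the message body. The following is an added example, not code from the firm's report: it unfolds a .ics file, extracts every link inside the event, and flags those that do not point to the bank. The sample invite, the `phish.example` host and the `TRUSTED_DOMAINS` allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the mail gateway treats as genuinely the bank's.
TRUSTED_DOMAINS = {"wellsfargo.com"}

# Constructed sample invite, not taken from the campaign; phish.example is a placeholder.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\n"
    "SUMMARY:New Security Key\r\n"
    "DESCRIPTION:Activate your new security key at https://secure\r\n"
    " -login.phish.example/key or your account will be suspended.\r\n"
    "LOCATION:https://www.wellsfargo.com/help\r\n"
    "URL;VALUE=URI:https://secure-login.phish.example/key\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

URL_RE = re.compile(r"https?://[^\s\"'<>\\]+", re.I)

def unfold(text):
    """RFC 5545: a line break followed by a space or tab continues the previous line."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()

def extract_links(ics_text):
    """Return (property, url) pairs for every URL inside a VEVENT."""
    links, in_event = [], False
    for line in unfold(ics_text):
        upper = line.strip().upper()
        if upper == "BEGIN:VEVENT":
            in_event = True
        elif upper == "END:VEVENT":
            in_event = False
        elif in_event:
            prop = re.split(r"[;:]", line, maxsplit=1)[0].upper()
            links += [(prop, u.rstrip(".,;)")) for u in URL_RE.findall(line)]
    return links

def suspicious_links(ics_text, trusted=TRUSTED_DOMAINS):
    """Return (property, host, url) for links whose host is outside the trusted domains."""
    flagged = []
    for prop, url in extract_links(ics_text):
        host = (urlsplit(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in trusted):
            flagged.append((prop, host, url))
    return flagged

if __name__ == "__main__":
    for prop, host, url in suspicious_links(SAMPLE_ICS):
        print(f"{prop}: {url} (host {host} is not a trusted bank domain)")
```

Unfolding first matters because a long DESCRIPTION line is wrapped by the calendar format, so a scan of the raw file would see the link split across two lines and miss its real host.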