Original Phishing Message

NOTE: If you received this message, please delete it and DO NOT click on any links. This message is not legitimate.

Tips for Detection

• Notice the maroon caution banner prepended to the message. This banner is added on messages that match patterns of other phishing attempts.
• The email is not sent from a wells fargo address. Instead it is sent by “from[.]QI6fDOY6sxPqowm[@]AcreVo[.]com”
• Hovering over the hyperlinked text reveals that the link “vk[.]cc/cikV46?FeOvmRGXOY” which brings you to a very convincing wells fargo login page

Where Did the Link Lead?

The link led to a a site designed to collect your credentials. Never enter your username/password on sites you do not recognize.

Text of Phishing Message

From: from[.]QI6fDOY6sxPqowm[@]AcreVo[.]com
Subject: You received a new letter

Dear Customer: We’re are letting you know we’ve detected an unsual activity on your card card on 11/7/2022 11:32:31 PM EST which may result to the closure of your account and card to ensure safety and continuous use of your card, please Click here To Process Note: Therefore we have placed a security hold on your online access to provide better security for your protection. Your security is our 1st priority, Thank you for being a valued client. Sincerely, Online Banking Team

Please do not reply to this automated email. 2386-148-af0e-76PJamRtTb-a2656bd3_xfaXuYAFuQ_7f41-14c