A recent 2023 report by the U.S. Federal Trade Commission (FTC) revealed alarming new revelations about text message scams. Around $330 million in losses were incurred by consumers in 2022 due to a variety of text scams - a figure more than double what was reported the previous year.
The most common SMS scam is where fraudsters impersonate well-known businesses, particularly big-name financial institutions like Wells Fargo Bank. Read on to learn why and how these scams swindle people, how to spot fake Wells Fargo texts and the steps you can take to protect your bank account.
What is the Wells Fargo text scam?
The Wells Fargo text scam is just one of many types of SMS fraud where cybercriminals impersonate banks and other financial institutions. Wells Fargo is one of America's 'Big Four Banks' and operates internationally in countries like China, Japan, Canada and the U.K. With more than 70 million Wells Fargo customers worldwide, scammers have a vast pool of potential victims to target.
A Wells Fargo scam text comes in various forms:
Bogus urgent alerts about the customer's account being suspended or blocked.
Phishing attempts designed to steal confidential information such as personal data or PIN codes for account verification. These can include account information update requests.
Fake login alerts and warnings about account security breaches or unusual activity.
How bank text scams work
Common scams work like this: you get a text message from your bank stating that an unauthorised person is attempting to log into your mobile banking account. Or that your debit card has been charged with an unfamiliar transaction, and if you don't recognise it, you should take steps to secure your account. You may be encouraged to click a URL within the text message, which is actually a fake website or login portal that captures your personal data or triggers a malware download. Or you’ll be asked to reply with more details, which helps hackers gain account access.
Why bank text scams work today
It's 2024, so you'd think by now that most people are wise to suspicious text scams and can spot them a mile off. Sadly, cyberthieves are becoming smarter and more creative in how they target people.
Banks are trusted institutions, so a well-timed text message, with the right wording and sender name, can look genuine and catch you off guard. Scam texts can also convey a sense of urgency - especially ones that say the recipient's account has been closed or a considerable amount of money has been stolen from them. These are designed to cause panic. Under stress, people are more likely to make rash decisions and act without thinking things through - like clicking on a scam link that can later lead to major financial losses.
In October 2023, Daytona Beach resident Ashley Willis had $55K stolen from her Wells Fargo account in a text scam that made her believe suspicious activity had occurred. She received two fake alerts stating that unauthorised transactions totalling nearly $2K had been taken from her account. Willis fell for the scam due to shock and awe - she saw the name Wells Fargo, and both texts contained the bank's official customer service number. However, the source phone number the messages were sent from was unrelated to the bank.
Does Wells Fargo send out text messages?
Wells Fargo does indeed send customers text messages - which is another reason why these types of SMS scams work. It's incredibly common for financial institutions, including banks, to text customers for the following reasons:
To notify them about unusual activity on their account.
To send text alerts to help customers monitor their balance, track upcoming payments, and see recent deposits.
To send one-time passcodes (OTPs) as an extra security measure to enable customers to log into their accounts safely and securely.
Because of the rise in cybercrime and the fact that text scammers are getting increasingly cunning, it's tricker than ever to tell fake texts apart from legitimate ones.
How to spot the Wells Fargo text scam (and similar fraud)
The key to identifying text message scams is twofold: recognising red flags and being constantly vigilant. Here are some common characteristics to watch out for in fraudulent texts:
Bad spelling and grammar - scammers often include typos on purpose to bypass spam filters programmed to look for specific keywords. They also want to weed out recipients who are most likely to fall prey to their scam and discourage responses from people who aren't easily deceived. (Often, vulnerable recipients will overlook typos.)
Suspicious-looking links - closely inspect the URL within the text message to see if there's anything unusual about it, like an added or misspelt word or random characters. Karl Kalvik, Messente’s anti-fraud specialist, explains more: “The official Wells Fargo website URL is www.wellsfargo.com. Whereas, www.wellsfargobank.com, www.wellsfargo.org and wellsfargo-23298.com are examples of domains that have been altered. When you click on an altered domain, the scammer could take you to a dodgy website that captures your data (without you even having to type anything into a form).”
Incorrect branding - well-established brands may include their company logo to convey trust. Check that the branding looks legitimate in terms of design, style, and colours.
Odd tone or language - look out for sentences that are awkwardly structured or look strange with too many capitals. Any remotely threatening wording is also a warning sign, e.g. "Update your data now, or your account will be blocked."
Dubious Sender ID - Wells Fargo typically sends banking notifications from the short code 93557. If you receive a text claiming to be from Wells Fargo that's from a 10-digit long code number, it will be fake. The same can safely be said for other big banks too; most will use a dedicated short code for SMS alerts to customers. That said, Sender IDs can be spoofed or cloned - so be sure to check for all the other points mentioned above.
How to protect your bank account
Aside from knowing how to spot fraudulent text messages, you can do several things to keep your bank account and personal information safe from cybercriminals. The first step is to be aware of the different types of scams and then observe secure communication practices. For example:
Verify that text messages are genuine. If you're unsure, the best way to check is to contact your bank directly using the official phone number on the bank's website.
Never click on suspicious links or type your information into data capture forms.
Never reply to text message requests for personal or financial information.
Be careful about who you give your phone number or email address to. Ensure you know how businesses intend to use your personal data when you sign up for a new service or buy something online.
Strengthen your account security. Choose a robust online banking password, update it regularly and never write it down or share it with others. Don't use the same password across various online accounts and apps. Set up two-factor authentication (2FA) with your bank as an additional layer of security.
Never share access codes you've received with anyone (scammers sometimes try to convince their victims that a text message OTP has been delivered to them accidentally).
Regularly check transactions and review your bank and credit card statements with a fine tooth comb. Set up emergency alerts that notify you of any unusual activity (and ensure you know what these texts will look like).
What to do if you experience a Wells Fargo text scam
If you receive a suspicious text and need to check whether it's genuine, you can email the Wells Fargo helpline. If you've clicked on a link within the message, call the Wells Fargo fraud team immediately at 1-866-867-5568. And if you replied and shared any personal account details, call 1-800-869-3557. If you didn't respond, forward the suspicious text message to reportphish@wellsfargo.com.
Recognise and report spam texts
Text message scams are unfortunately on the rise, with cybercriminals targeting people from behind the faces of the world's biggest banks. Even if you're switched on about mobile fraud, it only takes a moment of panic to unwittingly click on a suspicious link or be persuaded to hand over sensitive details that could result in stolen funds.
You can protect yourself from banking scams like this by knowing the warning signs, being vigilant about secure communication practices and enhancing the security of your online accounts. Logging into your account using two or more authentication methods might be cumbersome, but it's worth it when you consider the alternative.
When you spot a suspicious text message from your bank, report it straightaway - this makes it harder for a text scammer to carry out their activity and helps protect other potential victims from phishing scams and identity theft.
Does your business need to help customers securely log into their online accounts? Discover how Messente's SMS verification service can help.
