• United States
Contributing Writer

Wells Fargo latest victim of brand spoofing

Jul 31, 20033 mins
Enterprise Applications

* Wells Fargo banking customers get bamboozled

A few weeks ago, we tackled the topic of brand spoofing – when a spammer uses the credibility of a well-known brand to get something out of its customers – to yield personal information or to commit some kind of act, like trying to redeem a coupon. Wells Fargo is the latest victim of brand spoofing.

A mass e-mail went out purporting to be from the bank’s accounting department. The e-mail, which reached Wells Fargo’s customers, claimed to have account information, such as Social Security numbers, attached to the message.

However, when customers tried to open the attachment, a virus was released that collected passwords on the person’s computer and sent them to a third party.

Wells Fargo released this statement to customers:

“Wells Fargo is in no way involved in the distribution of this hoax email, and its systems have not been compromised in any way. As always, we encourage individuals to use and maintain the most updated antivirus software, and never to open emails or attachments that come from an unrecognized source.”

The bank went as far as to set up a hotline that individual customers as well as small-business owners could use to report hoax messages and provide links to antivirus software vendors.

Wells Fargo also offered instructions for customers who already received the message. “Wells Fargo urges recipients of this e-mail to immediately delete both the e-mail and the attachment. Do not open the attachment. If infected, individuals should clean their system using antivirus software and change their Internet and system passwords.”

Finally, the bank issued an FAQ on preventing fraud. It states the importance of not sharing account information with anyone, reporting lost or stolen credit cards immediately, and questioning all suspicious e-mail.

But truth be told, much like other brand spoofing that has occurred lately – and is giving e-commerce a huge black eye – it’s not that easy to discern whether an e-mail message is from a valid company or not. How often does the average person check the return address on an e-mail message? If you’re used to doing business with a company, you probably would not get suspicious about a particular message.

It’s going to take a lot of companies proactively educating mainstream users to thwart brand spoofing – a move most companies should start today.

What do you think? Do the companies you do business with do enough to warn you about possible fraud? Let me know at