A man looks at his phone worriedly.
A man looks at his phone worriedly.
Financial Health
March 17, 2020

Beware of coronavirus phishing scams

Protect your personal information from cybercriminals.

Nota del editor: También está disponible una versión en español de esta historia.

As social distancing measures take effect across the United States to combat the spread of coronavirus, it’s important to make sure your personal information also remains safe as more activity shifts online.

The Secret Service recently issued a coronavirus phishing alert in anticipation of a spike in phishing and social engineering scams related to the pandemic. Calling the coronavirus situation a “prime opportunity for enterprising criminals,” the alert is one of many from government organizations cautioning the public against scammers trying to manipulate people into divulging confidential information.

“Scammers follow the headlines, and unfortunately, we tend to see a rise in fraudulent activity in times of vulnerability as criminals try to catch people off-guard.” — Gary Owen, Wells Fargo’s chief information security officer

“Scammers follow the headlines, and unfortunately, we tend to see a rise in fraudulent activity in times of vulnerability as criminals try to catch people off-guard,” said Gary Owen, Wells Fargo’s chief information security officer. “Scammers are becoming increasingly adept at spoofing friends, family, and businesses, so people need to be aware of what scams are out there, and stay vigilant about what information they are giving out.”

Phishing through emails or texts is one of the most common techniques used to acquire sensitive information such as usernames and passwords. Scammers have been exploiting coronavirus fears by posing as health and medical organizations. The World Health Organization and Center for Disease Control have both been impersonated through emails that ask people to click fake links to important coronavirus information. These links can download malicious software or direct people to false sites that harvest important data that is later used for fraudulent activity.

Social engineering scams targeting people through online websites and communications are also on the rise. These include false charities seeking coronavirus-related donations, as well as romance scams, where criminals build a relationship with their victims online, then ask for money to be wired because of an unfortunate circumstance — being quarantined due to coronavirus, for instance.

Tips for fraud prevention

Owen adds that awareness is key, especially as digital interactions increase with more people telecommuting and schools moving instruction online due to social distancing measures.

Tips to help keep your online account safe. 1. Choose strong passwords with a unique mix of letters and numbers. 2. Activate two-factor authentication for signing on to online banking. 3. Do not respond to phone calls, text messages, or emails from suspicious senders. 4. Review account activity regularly, and report unauthorized or suspicious transactions immediately.

“Be aware of who is calling and what you’re clicking on,” Owen said. “If there is any uncertainty, do not respond to requests for information, and go straight to the source to verify legitimacy if possible. When Wells Fargo contacts a customer, for example, we will never ask for a card PIN, access code, or online banking password. If you are unsure, call the number on the back of your card to verify the legitimacy of any request.”

Visit Wells Fargo’s Fraud Prevention Tips page for more information.


Other best practices to help keep your Wells Fargo and other online accounts safe include choosing usernames and passwords that vary from account to account. For stronger passwords, use a unique phrase with a mix of letters and numbers. Activating two-factor authentication, which requires an additional verification step to sign in — usually in the form of a code sent to your phone or email — also helps keep accounts secure. Use your email application’s “Report Spam” button to flag suspicious emails.

Wells Fargo will continue to follow company policies and procedures related to customer identification and asset movement to protect customers from fraud. If you receive a suspicious email or text from Wells Fargo, please forward it to reportphish@wellsfargo.com. If you clicked a link, opened an attachment, or provided personal information, please call us immediately at 1-866-867-5568.