The world's premier anti internet scam, anti fraud information website 

  • Wells Fargo possible phishing attempt

  • Exposed fake banks, courier sites, escrow services, law firms, and other fraudulent websites used in scams. 6,444+ fake sites documented with evidence.
It is currently Thu Jun 11, 2026 1:46 pm

Wells Fargo possible phishing attempt

Exposed fake banks, courier sites, escrow services, law firms, and other fraudulent websites used in scams. 6,444+ fake sites documented with evidence.
  Been Targeted by This Scam?

Here's how to report a scam to the FBI, FTC, and other agencies. Read our guides on fake check scams, sugar daddy scams, and sextortion. Not sure? Try our free Scam Checker Tool.

ScamWarners guides: Is this a scam? · Romance scammer signs · Romance scam statistics · Military romance scams · Pig butchering · Recovery scams · Sextortion · Fake check scams · Sugar daddy scams · Report a scam

Wells Fargo possible phishing attempt

  by David Jansen
 
It's just a short letter with the only purpose for you to click on the link. In this case with my Fastmail account the url is disabled and replaced with a warning. Also note the sender's email address which is an yahoo account while Wells Fargo has it's own domain with their email addresses ending with @wellsfargo.com.
You have a new message

From:
"Wells Fargo" <[email protected]> [Add]
To:

Date:
Wed, 25 Nov 2009 3:47 PM (5 hours 45 mins ago)


Return-Path: <[email protected]>
Received: from compute2.internal (compute2.internal [10.202.2.42])
by store66m.internal (Cyrus v2.3.15-fmsvn20771-f904b41c) with LMTPA;
Wed, 25 Nov 2009 10:49:30 -0500
X-Sieve: CMU Sieve 2.3
X-Spam-charsets: html='Windows-1251'
X-Resolved-to:
X-Delivered-to:
X-Mail-from: [email protected]
Received: from mx6.messagingengine.com ([10.202.2.205])
by compute2.internal (LMTPProxy); Wed, 25 Nov 2009 10:49:30 -0500
X-Spam-greylist: Passed. Delay was 1183 seconds. Subnet now whitelisted for 24 hours unless spam received
Received: from nlhlaw.com (adsl-072-151-132-066.sip.mco.bellsouth.net [72.151.132.66])
by mx6.messagingengine.com (Postfix) with ESMTP id 9D6D626B
for <>; Wed, 25 Nov 2009 10:49:29 -0500 (EST)
Received: from User ([67.214.90.106]) by nlhlaw.com with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 25 Nov 2009 09:42:29 -0500
Reply-To: [email protected]
From: Wells Fargo<[email protected]>
Subject: You have a new message
Date: Wed, 25 Nov 2009 08:47:52 -0600
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <[email protected]>
X-OriginalArrivalTime: 25 Nov 2009 14:42:29.0453 (UTC) FILETIME=[837A97D0:01CA6DDD]
X-Truedomain-DKIM: None
X-Truedomain: Neutral

You have a new message from Wells Fargo.

For your protection please follow the link below to view this message securely on Wells Fargo site:

FastMail.FM WARNING: URL text and host don't match, possible phishing attempt. URL disabled. Original URL='http://wells4u.4t.com/alert.htm'. Original text='<FONT color=#0000FF><U>https://online.wellsfargo.com/das/newmsg</U></FONT>'. For more information on phishing click here.
 Return to “Fake sites used for fraud”
 - All times are UTC-04:00 -