BladesDynamicDemoBlade

It pro logo

News

Security week logo

American banker logo

Employees of large corporations are being targeted with phishing emails that impersonate the Wells Fargo security team and use innocent-looking calendar invitations as clickbait.

The fraudsters try to get message recipients to click on the invitations, which take them to a malicious website that resembles the Wells Fargo site, according to Abnormal Security, a cybersecurity research firm that says it discovered the attack.

Wells Fargo customers targeted with phishing attacks using calendar invites

Between the second and third weeks of March 2020, email scams and phishing attacks spiked by an unprecedented 436%. Such was the effect of the COVID-19 pandemic. Meanwhile, business email compromise (BEC) attacks have been less affected by the pandemic, but have also increased and evolved.

COVID-19 Fuels Phishing and Scams While BEC Attacks Evolve and Increase

Tech republic logo

Symbol yellow 01w

Press Releases

Abnormal Securitytoday published research data that shows a 200 percent increase in BEC attacks focused on invoice or payment fraud from April to May 2020. This sharp rise continues the trend observed by Abnormal Security throughout the year.

Abnormal Security Data Reveals 200 Percent Monthly Increase in Invoice and Payment Fraud Business Email Compromise Attacks

The Business Email Compromise (BEC) is a more focused and potentially more profitable type of phishing scam favored by many cybercriminals. Abnormal Security found a 75% increase in this type of campaign in the first three months of the year and a spike of 200% from April to May.

2020 sees rise in invoice and payment fraud BEC attacks

Homepage

Breadcrumbs

Abnormal AI provides advanced email security to prevent credential phishing, business email compromise, account takeover, and more.

Abnormal AI

In the most recent phishing campaign, threat actors impersonated Wells Fargo, leading its customers to phishing pages using fake calendar invites via .ics calendar file attachments. Threat actors were then able to trick unsuspecting customers into entering sensitive information and credentials.

Phishing attacks target unsuspecting Wells Fargo customers

In the most recent phishing campaign, threat actors impersonated Wells Fargo, leading its customers to phishing pages using fake calendar invites via .ics…

description

threat, actors, customers, phishing, calendar, invites, campaign, impersonated, leading, pages, fake, able, unsuspecting, entering, file

keywords

https://images.abnormalsecurity.com/production/images/press/it-pro-logo.png?w=1200&h=630&q=82&auto=format&fit=crop&dm=1631719015&s=cfe273dd49fa62370522db20758a46cf

https://abnormal.ai/about/news/phishing-attacks-target-unsuspecting-wells-fargo-customers

referrer

robots

twitter:card

twitter:creator

twitter:description

https://images.abnormalsecurity.com/production/images/press/it-pro-logo.png?w=800&h=418&q=82&auto=format&fit=crop&dm=1631719015&s=46f7a986c64bbfef666e399a776ab859

twitter:image

twitter:image:alt

twitter:image:height

twitter:image:width

twitter:site

twitter:title

{"title":{"title":"Phishing attacks target unsuspecting Wells Fargo… | Abnormal AI"}}

Demo

Schedule a Demo

The Brave New World of AI Cyber Crime with Evan Reiser from Abnormal AI

Abnormal AI: 2025 CNBC Disruptor 50

Generative AI Could Revolutionize Email—for Hackers

Ones to Watch in Tech

Email Subscribe

<p>Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.</p>

Newsroom

Persistent Nav Click - RSAC 2026 Meetings Hub

<p>Join Abnormal experts during RSAC from March 23-26</p>

vs Mimecast

vs Avanan

Secondary CTA

What text is displayed on the primary CTA (see sheet for details on copy)

Primary CTA Text

Form Columns

chakra-ui-ChakraProvider

Button

EmbeddedVideo

EyebrowText

Footer

Screen

PrimaryCtaText

FormColumns

VsMimecast

SecondaryCta

VsAvanan

Abnormal Solutions

react-awesome-reveal

lottie-react

date-fns

plasmic-nav

react-scroll-parallax-global

plasmic-embed-css

Abnormal Pages

Abnormal Careers

loading-boundary

plasmic-query

plasmic-basic-components

Abnormal Privacy/Legal

Abnormal Why Abnormal

Abnormal Landing Pages

react-aria

plasmic-rich-components

Abnormal Partners

Abnormal Products

Abnormal Design System

Abnormal Marketing

antd5 hostless

react-slick

B 5 Attacks to Watch for in 2026 Threat Report

Threat Reports

Explore the 5 email attacks most likely to increase risk in 2026. See real-world examples and get insights into why traditional email security falls short.

2026 Threat Outlook: 5 Email Attacks You Need to Know

Threat Intel

B EDU Duo MFA Threat Intel Report

A phishing campaign targets universities, stealing credentials and Duo OTPs for real-time account takeover. Learn how it works and how to stop it.

Compromising Campus Accounts: Attackers Harvest Credentials and Duo OTPs for Account Takeover

B 1500x1500 MKT889c Forrester Wave

Analyst Research

Abnormal AI received the highest scores possible in the Innovation and Roadmap criteria, the top score in the Strategy category, and above-average customer feedback.

Abnormal Named a Leader in The Forrester Wave™: Email, Messaging, And Collaboration Security Solutions, Q2 2025

Email Security

B 1500x1500 MKT963 Open Graph Images for SOC Survey

Discover insights from the latest research study on how security teams are leveraging AI to transform the security operations center (SOC)—boosting efficiency, reducing analyst burnout, and improving threat detection and response.

Human-Centered AI: Redefining the Modern SOC

Security Operations Center (SOC)

Essential Guide to CES Blog Cover 1500x1500 pptx

White Papers

Discover the eight biggest challenges in cloud email security and learn how to evaluate AI-powered solutions with a vendor-neutral framework built to stop modern threats.

The Essential Guide to Cloud Email Security

Phishing attacks target unsuspecting Wells Fargo customers

See How Abnormal AI Protects Humans

See How Abnormal AI Protects Humans