Analysis by: Michael Reyes

An observable spike of spam samples attempting to phish Wells Fargo users in June 2020. This spam campaign unusually uses .ICS files as attachments. These samples lure the recipient into opening the attached file by creating a sense of urgency in updating the security key to prevent the temporary account suspension and making it look like that mail was from the Wells Fargo Security Team:

The .ICS files contains a link to a phishing page that mimics Wells Fargo:

Trend Micro customers are protected from this email threat. Users are still advised to remain cautious in opening links and attached files when you received unsolicited emails.

 SPAM BLOCKING DATE / TIME: June 16, 2020 GMT-8
 TMASE INFO
  • ENGINE:8.5
  • PATTERN:25486