Wells Fargo customers are being targeted by a phishing campaign impersonating the Wells Fargo Security Team and luring potential victims to phishing pages with the help of calendar invites. The phishing messages have so far targeted over 15,000 customers using a calendar file attachment. The attackers’ emails claim that the targets have to update their security keys using instructions included within a.ics calendar file to avoid having their accounts suspended. The messages also instruct the targets to open the calendar file with their mobile devices to take advantage of the fact that the event included in the.ics file would be automatically added to the victims’ calendar.
Source: https://www.bleepingcomputer.com/news/security/wells-fargo-phishing-baits-customers-with-calendar-invites/