Beware the FAKE Wells Fargo “Suspicious Card Activity Detected” Alert Scam

It usually starts with a jolt of fear.

A text pops up. An email hits your inbox. Sometimes a loud, threatening pop-up fills your screen. The message looks urgent and official, and it says something like: “Wells Fargo: Suspicious card activity detected.”

Your brain does the rest. Did someone steal my card? Is my account locked? Am I about to lose money?

That moment of panic is exactly what scammers are trying to create.

Because once they get you rushing, they can steer you into the next step: calling a fake “support” number or clicking a phishing link that leads straight into a trap.

This alert is not from Wells Fargo. It is a carefully staged tech support scam and fraud alert impersonation designed to pressure you into handing over control of your device, your information, and eventually, your money.


Scam Overview

The “Wells Fargo Suspicious Card Activity Detected” scam is a modern mashup of two of the most effective fraud playbooks: bank impersonation and tech support social engineering.

On the surface, it looks like a standard fraud alert. Many banks do send real fraud alerts, and that is why this scam works so well. It copies the tone, the urgency, and the fear you would naturally feel if your card was actually being used.

But the goal is not to protect you.

The goal is to get you to react fast, bypass your usual skepticism, and follow instructions that hand scammers the access they need.

In many versions of this scam, the message claims your card has been suspended or restricted because of suspicious activity, and it urges you to “verify” information or “confirm” a transaction. Some versions push a link. Others push a phone number. Some do both. Security researchers have documented campaigns using the “Suspicious Card Activity Detected” wording and similar claims about cards being suspended and needing verification.

From there, the scam typically goes in one of two directions:

  • Phishing path: You click a link and land on a fake site designed to steal credentials and personal information.
  • Tech support path: You call a number and reach a fake support center that claims your device is compromised, then pressures you into installing remote access software like AnyDesk or similar tools.

The tech support path is especially damaging, because it can turn one small moment of fear into a full account takeover.

Why this scam is so convincing

Scammers are not guessing. They know exactly what triggers action.

They lean on a handful of psychological pressure points:

  • Urgency: “Act now” language that makes you feel you have minutes, not hours.
  • Authority: A big brand name, financial language, and confident instructions.
  • Fear of loss: The threat of locked accounts, declined cards, or stolen money.
  • Confusion: Just enough detail to seem legitimate, but not enough to verify easily.
  • Isolation: Encouraging you to stay on the phone, not talk to your bank directly, and not “waste time.”

This is why smart, careful people still get caught. The scam is engineered to interrupt normal thinking.

What the messages often look like

The wording varies, but common themes show up again and again:

  • “Suspicious activity detected on your Wells Fargo card.”
  • “Your card has been temporarily suspended.”
  • “Unusual purchase attempt. Verify now.”
  • “If you do not respond, access may be restricted.”
  • “Call immediately to resolve.”
  • “Tap here to confirm this transaction.”

Sometimes the sender looks like a random email address. Sometimes it looks almost right, with a slight misspelling.

Sometimes it arrives as a text from an unfamiliar number.

Sometimes it appears to come from a shortcode that feels official, which is why you should be cautious even with texts. Wells Fargo itself advises being careful about unexpected numbers and phone contacts, and it lists examples of common Wells Fargo short codes used for legitimate messaging.

Most importantly, scammers can also spoof phone numbers. That means your caller ID might show something that looks like a legitimate bank number even when it is not.

That is why safety comes from how you verify, not what the message appears to show.

The big lie behind the “tech support” angle

A classic fraud alert scam tries to steal credentials.

This one often goes further by claiming your device is infected or hacked.

Here is the setup:

  1. You call the number in the message.
  2. The person who answers sounds professional and calm.
  3. They claim they are “Wells Fargo support” or “fraud department,” sometimes with a fake name and employee ID.
  4. They tell you your device may be compromised, and that is why “suspicious activity” occurred.
  5. They insist they need to connect remotely to “secure your account,” “stop the fraud,” or “process a refund.”
  6. Once connected, they start extracting information and moving money.

This is not a real bank process. It is a well-known tech support scam pattern. The FTC warns that tech support scammers often push people to call a number, then demand remote access and lead victims to spoofed pages where sensitive financial info gets entered.

The remote access step is not a minor detail. It is the turning point.

Because once you give a scammer remote control, they can see what you type, open your browser, guide you into logging in, and sometimes install tools that allow future access.

Why gift cards show up in a “bank” scam

This is one of the parts that confuses people the most.

If the message says “Wells Fargo” and “card activity,” why would anyone ask for gift cards?

Because gift cards are a near-perfect scam payment method:

  • They are fast.
  • They are hard to reverse.
  • They are easy to launder.
  • Once the code is shared, the money is basically gone.

Scammers often claim you must “verify identity,” pay a “security deposit,” cover a “refundable charge,” or pay for “device cleaning.” Then they push gift cards as the payment method.

Law enforcement has been warning about exactly this. The FBI notes that tech support scammers may demand payment by gift card, wire transfer, or cryptocurrency, and that remote access is used to steal personal info and money.

If you hear “gift cards” in any supposed bank or tech support situation, that is a bright red flag. Legitimate financial institutions do not solve fraud issues by asking you to buy gift cards.

How this scam spreads

This scam does not rely on one channel.

It shows up through:

  • Text messages (SMS)
  • Emails
  • Pop-ups and scareware warnings
  • Sponsored search results that promote fake support numbers
  • Social media messages and ads
  • Calls that claim to be “follow-ups” to an alert

Sometimes it is targeted. Often it is mass-sent. The point is volume. If scammers send enough alerts, someone will be tired, distracted, or worried enough to bite.

What the scam can cost you

The damage can be financial, digital, and emotional.

Victims may experience:

  • Unauthorized transfers from bank accounts
  • Card fraud and new transactions
  • Stolen login credentials
  • Identity theft attempts
  • Compromised email accounts
  • Malware or persistent remote access tools installed
  • Pressure to buy gift cards worth hundreds or thousands of dollars
  • Ongoing harassment from scammers who keep calling

And even when money is recovered, the stress can linger. People often replay the moment, wondering how they got pulled in.

The truth is simpler: the scam is designed to work on normal human instincts.

How The Scam Works

Below is the typical flow, step by step, including the “fake Wells Fargo alert” hook and the tech support takeover.

Step 1: The fake alert lands at the perfect time

Scammers want you slightly off balance.

That is why messages often arrive:

  • Early morning
  • Late evening
  • During work hours
  • While you are traveling
  • Right after big shopping seasons
  • On weekends, when you think support might be harder to reach

The alert usually contains one strong trigger: fear.

It suggests a real risk:

  • “Suspicious purchase detected”
  • “Card temporarily suspended”
  • “Account access restricted”

Then it adds a deadline feeling:

  • “Immediate action required”
  • “Respond now”
  • “Call within 30 minutes”

This is not about accuracy. It is about momentum.

Step 2: The message gives you a trapdoor: call or click

The scam message typically pushes one of these:

  • A phone number to call “fraud support”
  • A link to “verify activity”
  • Sometimes both, to increase conversion

If you click the link, you may be sent to:

  • A fake login page that steals your Wells Fargo credentials
  • A fake “verification” form that collects personal information
  • A page that tells you to call a number anyway

If you call the number, you move into the part of the scam that resembles a staged customer service interaction.

Wells Fargo’s own guidance is clear: do not click suspicious links or call numbers you do not recognize, and when in doubt, sign in through official channels or call the number on the back of your card.

That single habit, using verified contact methods, breaks the scam in half.

Step 3: The fake agent builds trust fast

Once you call, the scammer shifts into performance mode.

They often sound:

  • Confident
  • Patient
  • Professional
  • “Helpful”
  • Calm while you panic

They may say they are from:

  • “Wells Fargo Fraud Department”
  • “Wells Fargo Card Security”
  • “Wells Fargo Technical Support”
  • A made-up “security division”

They may ask a few questions that feel normal:

  • “Did you make this charge?”
  • “Do you recognize this merchant?”
  • “Are you traveling?”
  • “Have you shared your card recently?”

This creates a sense of legitimacy.

Then they pivot to the real goal: device access.

Step 4: They claim your device is infected or your account is compromised

This is where the scam becomes a tech support scam.

They tell you a story that connects the fake suspicious activity to your device:

  • “Your phone may be hacked.”
  • “Your computer is sending your card details.”
  • “Someone has access to your online banking.”
  • “We see signs of malware.”
  • “Your IP address is flagged.”

They might mention “security logs,” “firewall alerts,” or “encryption,” not because it is true, but because it sounds technical enough to discourage questions.

Step 5: They push remote access as the “solution”

Next comes the request that should stop you in your tracks:

  • “Install this app so we can secure your device.”
  • “We need to connect remotely to fix it.”
  • “This is the fastest way to stop the fraud.”
  • “We will guide you step by step.”

They often name real remote access tools, because real tools are easier than malware:

  • AnyDesk
  • TeamViewer
  • Quick Assist
  • Chrome Remote Desktop

The FTC describes this exact pattern: the scam pressures you to call, then asks for remote access and leads you into entering sensitive financial details.

The point is simple. Once the scammer can see your screen, they can control the environment.

Step 6: The “proof” stage: they show you scary but meaningless things

After connecting, scammers often perform a scripted show to “prove” you are in danger.

They might:

  • Open the Event Viewer and point at normal warnings
  • Run a fake scan that “detects threats”
  • Type commands in a terminal window to look advanced
  • Open network settings and claim “someone is connected”
  • Show you random files and call them “hack tools”

This is theater.

It is not diagnostic work.

It is pressure, dressed up as expertise.

Step 7: They maneuver you into logging into your bank

Now the scam tightens.

They may say:

  • “Log into Wells Fargo so we can verify you.”
  • “We need to confirm your identity.”
  • “We will help you secure the account.”

If you log in while they are connected, you risk:

  • Credentials being observed
  • Security questions being captured
  • One-time passcodes being requested
  • Funds being moved while you watch, confused

In some cases, they guide you to a fake site that looks real. In other cases, they push you into using your real account, because remote access gives them visibility and influence.

Step 8: They try to extract the information that unlocks money movement

At this stage, scammers commonly attempt to gather:

  • Online banking login details
  • Card number, expiration date, and CVV
  • Account number and routing information
  • Full name, address, date of birth
  • Social Security number (for US victims)
  • Security codes sent by text
  • Email login, to intercept future alerts

They may frame it as “verification,” “security,” or “fraud prevention.”

But verification does not require you to reveal everything.

Real fraud departments do not need you to hand over the keys to your identity.

Step 9: The money extraction stage

Once scammers believe they have enough access, they move toward money.

Common methods include:

  • Initiating bank transfers
  • Adding payees
  • Attempting Zelle-style instant transfers (or similar instant methods)
  • Convincing you to move money “to a safe account”
  • Convincing you to withdraw cash
  • Pushing gift card purchases

A frequent trick is the “safe account” lie.

They claim:

  • “Your money is at risk.”
  • “We need to move it temporarily.”
  • “This is a secure holding account.”
  • “You will get it back after investigation.”

It is not secure. It is the scammer’s account.

Step 10: The gift card demand, and why it works

If they cannot transfer money directly, scammers often switch to gift cards.

They may claim the gift cards are:

  • A “verification hold”
  • A “refundable security step”
  • A “payment for securing the device”
  • A “temporary authorization”
  • A “fraud reversal fee”

Then they ask you to read the codes aloud or send photos of the cards.

This is exactly why agencies warn that gift cards are a major scam payment channel and that remote access can lead to theft.

Once the code is shared, scammers can drain the value quickly.

Step 11: They try to keep access and control even after the call

Scammers do not want a single win. They want repeat access.

Before they leave, they may:

  • Install unattended access settings
  • Ask you to “keep the app installed”
  • Disable notifications
  • Encourage you not to contact your bank “yet”
  • Schedule a follow-up call
  • Tell you to expect a “case manager”

Sometimes they will keep calling for days.

If they got even a little information, they may attempt to leverage it into more.

Step 12: The follow-up scam: shame, fear, and urgency

Many victims feel embarrassed. Scammers use that.

They may call back and say:

  • “We detected additional threats.”
  • “Your refund is pending.”
  • “We need one more verification.”
  • “Do not tell the bank or it will delay the case.”

This is manipulation.

A real bank would never tell you not to contact the bank.

Wells Fargo’s advice on scams includes a key safety step: if something feels suspicious, hang up and contact the bank directly using verified sources like the number on your card, the official website, or the official app.

That one move, hang up and call back using your own trusted method, protects you even if the caller ID looked real.

Example scam texts and emails victims might receive

These are common patterns scammers use when impersonating Wells Fargo. Real campaigns vary, but the structure is usually the same: urgency, fear, and a push to call a number or click a link.

Text message examples (SMS)

  • “WELLS FARGO ALERT: Suspicious card activity detected. Reply Y to confirm or call (###) ###-#### now.”
  • “Wells Fargo: Card temporarily blocked due to unusual purchase. Verify immediately: example[dot]com/wf”
  • “Fraud Dept Notice: $847.19 attempt flagged. If NOT you, call (###) ###-#### to stop it.”
  • “Wells Fargo Security: Your debit card has been suspended. Restore access now: example[dot]com/secure”
  • “Urgent: New device added to your account. If this wasn’t you, call (###) ###-####.”
  • “WellsFargo: Unusual activity detected. We need to confirm identity to avoid account restriction. Call now.”
  • “Your card will be locked within 30 minutes if not verified. Tap: example[dot]com/verify”
  • “Wells Fargo Support: We detected malware linked to your banking. Call (###) ###-#### for assistance.”
  • “Action required: charge pending at ‘ONLINE STORE’. Approve? Reply YES or call (###) ###-####.”
  • “WF Notice: Failed transaction attempts detected. Secure your device and account now. Link: example[dot]com/help”

What makes these suspicious is the pressure to act immediately, the random link, and the “call this number” instruction inside an unexpected message.

Email subject line examples

  • “Suspicious Card Activity Detected: Immediate Action Required”
  • “Your Wells Fargo Card Has Been Temporarily Suspended”
  • “Fraud Alert: Transaction Verification Needed”
  • “Security Notice: Unusual Activity on Your Account”
  • “Action Required to Prevent Account Restriction”
  • “Refund Processing Error: Confirm Your Details”
  • “Device Compromised Warning: Secure Your Online Banking”
  • “Urgent: Confirm Your Identity to Restore Access”

Email body examples (snippets victims might see)

  • “We detected suspicious activity on your card. For your protection, your account access has been limited. Confirm your identity here: example[dot]com/secure”
  • “A charge of $623.44 is pending. If you do not recognize this purchase, contact support immediately at (###) ###-####.”
  • “Your card has been suspended due to unusual activity. To reactivate, verify your information using the secure link below.”
  • “Security team notice: Your device appears infected and may be leaking card details. Call our support line now to remove threats and secure your account.”
  • “We attempted to stop a suspicious transaction. To finalize the cancellation, call an agent now. Failure to act may result in a locked account.”
  • “We are issuing a refund for an unauthorized charge. To complete the refund, you must confirm access and allow a technician to assist you.”
  • “Important: Do not contact your local branch at this time. This case must be handled through our security desk. Call (###) ###-####.”
  • “Multiple login attempts detected. If this was not you, verify immediately to prevent further access.”
  • “Your account requires urgent verification to avoid permanent restrictions. Click below to confirm.”
  • “Your payment was flagged as suspicious. For immediate resolution, call support and follow the steps to secure your device.”

The most dangerous versions mix a fake “fraud alert” with a tech support angle, like claiming your device is infected and pushing you to install remote access software or pay with gift cards.

Quick red-flag checklist tied to these examples

  • The message tells you to call a number provided in the text or email.
  • The link goes to anything other than a clearly official domain, or it is shortened.
  • The sender pressures you with time limits, threats, or “final notice” language.
  • It claims your device is infected and offers “remote help.”
  • It introduces unusual payment methods, especially gift cards.
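
The checklist above, written as a small triage filter that could sit in front of a shared mailbox or an SMS reporting inbox. This is an added example, not part of the original article; the official domain, the keyword patterns and the flag names are assumptions chosen for illustration, and the sample messages are constructed from the patterns shown in this article.

```python
import re

# Assumption: the bank's real registrable domain. The article only says
# "a clearly official domain"; adjust this set for the brand you protect.
OFFICIAL_DOMAINS = {"wellsfargo.com"}

# Host part of a link, with or without a scheme.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Accepts digits or the '#' masking used in the article's sample texts.
PHONE_RE = re.compile(r"\(?[\d#]{3}\)?[\s.-]?[\d#]{3}[\s.-]?[\d#]{4}")
CALL_RE = re.compile(r"\bcall\b", re.I)
PRESSURE_RE = re.compile(
    r"\b(?:immediately|urgent|now|final notice|action required|"
    r"within \d+ (?:minutes|hours))\b", re.I)
DEVICE_RE = re.compile(
    r"\b(?:malware|infected|remote (?:access|help)|technician|"
    r"anydesk|teamviewer|quick assist)\b", re.I)
GIFT_RE = re.compile(r"\bgift\s*cards?\b", re.I)


def refang(text):
    """Undo common defanging such as example[dot]com or example[.]com."""
    return re.sub(r"\[(?:dot|\.)\]", ".", text, flags=re.I)


def hosts(text):
    """Return every hostname that appears in the message, lowercased."""
    return [m.group(1).lower() for m in HOST_RE.finditer(refang(text))]


def is_official(host):
    """True only for the official domain or one of its subdomains.

    A suffix match on '.' + domain means a lookalike such as
    wellsfargo.com.secure-login.example is NOT treated as official.
    """
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def red_flags(message):
    """Return the checklist items the message trips, in checklist order."""
    flags = []
    if CALL_RE.search(message) and PHONE_RE.search(message):
        flags.append("callback_number")       # "call this number" in the message
    if any(not is_official(h) for h in hosts(message)):
        flags.append("unofficial_link")       # covers shortened links too
    if PRESSURE_RE.search(message):
        flags.append("pressure")              # deadlines, threats, urgency
    if DEVICE_RE.search(message):
        flags.append("device_remote_help")    # "infected device" / remote help
    if GIFT_RE.search(message):
        flags.append("unusual_payment")       # gift cards
    return flags


def suspicious(messages):
    """Return (message, flags) pairs for every message with at least one flag."""
    return [(m, f) for m in messages if (f := red_flags(m))]


# Constructed sample messages, modelled on the examples in this article.
SAMPLES = [
    "WELLS FARGO ALERT: Suspicious card activity detected. "
    "Reply Y to confirm or call (###) ###-#### now.",
    "Your card will be locked within 30 minutes if not verified. "
    "Tap: example[dot]com/verify",
    "Wells Fargo Support: We detected malware linked to your banking. "
    "Call (###) ###-#### for assistance.",
    "Your statement is ready. Sign in at https://www.wellsfargo.com/ to view it.",
    "Verify here: wellsfargo.com.secure-login.example/wf",
    "To finish the refund, buy gift cards and read the codes to our technician.",
]

if __name__ == "__main__":
    for msg, flags in suspicious(SAMPLES):
        print(f"{', '.join(flags):40} | {msg[:60]}")
```

A message with no flags is not proof of legitimacy; the filter only ranks what to look at first, and verification still happens through a contact method you look up yourself.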

What To Do If You Have Fallen Victim to This Scam

If you clicked, called, installed remote access software, shared information, or bought gift cards, take a breath.

You can still reduce the damage, and the most important thing is to act calmly and quickly, one step at a time.

  1. End the interaction and cut off remote access immediately
     Hang up. Stop responding to texts or emails. If someone has remote access to your device, disconnect from the internet (turn off WiFi, unplug Ethernet, or switch on airplane mode) so they lose the live connection.
  2. Remove any remote access tools they had you install
     On your computer or phone, uninstall apps like AnyDesk, TeamViewer, or anything you do not recognize. If you are not sure what was installed, search your installed apps list carefully and remove anything suspicious.
  3. Use a clean device to secure your accounts
     If your computer may be compromised, do not change passwords on that same device yet. Use a different trusted device to change passwords for:
    • Your email account (very important)
    • Your bank login
    • Any financial apps
    • Apple ID or Google account
    • Password manager, if you use one
  4. Call Wells Fargo using a verified number
     Do not call back the number from the scam message. Call the number on the back of your card, or use the official Wells Fargo app or website to locate the correct contact method. Wells Fargo explicitly recommends using verified contact sources and avoiding unknown numbers and links. Tell them you may have interacted with a bank impersonation scam and that you want to:
    • Lock or replace the card
    • Review recent transactions
    • Flag your account for fraud monitoring
    • Change online banking credentials
    • Ask about disputes for unauthorized activity
  5. If you shared one-time codes, assume your account security is compromised
     One-time passcodes are often used to approve new devices, add payees, or confirm transfers. Ask the bank to review recent security changes, device enrollments, and transfer history.
  6. Check your email account for tampering
     Email is often the hidden key. If scammers get into your email, they can reset banking passwords. Look for:
    • Password reset emails you did not request
    • New forwarding rules
    • New “recovery email” or phone changes
    • Deleted security alerts
  7. Run a full security scan and update your system
     Update your operating system, browser, and security software. If you are not confident your device is clean, consider professional help from a trusted local technician or someone you personally know, not a number found in a pop-up.
  8. If you bought gift cards, act fast
     Contact the gift card issuer immediately and explain that you were scammed and the codes were shared. Some companies may be able to freeze remaining value if it has not been spent yet, but time matters.
  9. Monitor your accounts daily for the next few weeks
     Check:
    • Bank account activity
    • Credit card activity
    • New payees
    • New transfer recipients
    • Notifications settings (make sure alerts are on)
  10. Consider a credit freeze or fraud alert if personal identity data was shared

If you shared sensitive identity information, a credit freeze can reduce the risk of new accounts being opened in your name.

If you are in the US, also monitor your credit reports for new inquiries.

  11. Report the scam

Reporting helps agencies track patterns and shut down scam infrastructure.

In the US, you can report tech support and impersonation scams to:

  • The FTC (consumer fraud reporting)
  • The FBI’s Internet Crime Complaint Center (IC3), which warns about not giving control of devices and being cautious about support numbers found through search results

  12. Expect follow-up attempts and do not engage

Once scammers know you responded once, they may try again with:

  • “refund” calls
  • “account secured” confirmations
  • threats that you will be arrested or sued
  • a new “case manager”

Treat all unexpected follow-ups as suspicious until you verify through official channels you initiate yourself.

A quick “right now” checklist

If you want the short version, do these first:

  • Disconnect the device if remote access was granted.
  • Uninstall remote access tools.
  • Call the number on the back of your card.
  • Change email and banking passwords from a clean device.
  • Report and monitor.

Is Your Device Infected? Scan for Malware

If your computer or phone is slow, showing unwanted pop-ups, or acting strangely, malware could be the cause. Running a scan with Malwarebytes Anti-Malware Free is one of the most reliable ways to detect and remove harmful software. The free version can identify and clean common infections such as adware, browser hijackers, trojans, and other unwanted programs.

Malwarebytes works on Windows, Mac, and Android devices. Choose your operating system below and follow the steps to scan your device and remove any malware that might be slowing it down.


Run a Malware Scan with Malwarebytes for Windows

Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.

  1. Download Malwarebytes

    Download the latest version of Malwarebytes for Windows using the official link below. Malwarebytes will scan your computer and remove adware, browser hijackers, and other malicious software for free.

    MALWAREBYTES FOR WINDOWS DOWNLOAD LINK

    (The above link will open a new page from where you can download Malwarebytes)
  2. Install Malwarebytes

    After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.

  3. Follow the On-Screen Prompts to Install Malwarebytes

    When the Malwarebytes installation begins, the setup wizard will guide you through the process.

    • You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.

    • Malwarebytes will now begin the installation process on your device.

    • When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.

    • On the final screen, simply click on the Open Malwarebytes option to start the program.

  4. Enable “Rootkit scanning”.

    Malwarebytes Anti-Malware will now start, and you will see the main screen. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.

    In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.

    Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.

  5. Perform a Scan with Malwarebytes.

    To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.

  6. Wait for the Malwarebytes scan to complete.

    Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.

  7. Quarantine detected malware

    Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.

    Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.

  8. Restart your computer.

    When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.

Once the scan completes, remove all detected threats. Your Windows computer should now be clean and running smoothly again, free of trojans, adware, and other malware.

If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future.
If you are still having problems with your computer after completing these instructions, then please follow one of the steps:

Run a Malware Scan with Malwarebytes for Mac

Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss, at no cost to you. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.

  1. Download Malwarebytes for Mac.

    You can download Malwarebytes for Mac by clicking the link below.

    MALWAREBYTES FOR MAC DOWNLOAD LINK
    (The above link will open a new page from where you can download Malwarebytes for Mac)
  2. Double-click on the Malwarebytes setup file.

    When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.

  3. Follow the on-screen prompts to install Malwarebytes.

    When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer, which will guide you through the installation process. Click “Continue”, then keep following the prompts to continue with the installation process.

    When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.

  4. Select “Personal Computer” or “Work Computer”.

    The Malwarebytes Welcome screen will first ask what type of computer you are installing this program on. Click either Personal Computer or Work Computer.

  5. Click on “Scan”.

    To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.

  6. Wait for the Malwarebytes scan to complete.

    Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.

  7. Click on “Quarantine”.

    When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.

  8. Restart computer.

    Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.

After scanning, delete any detected threats. Your Mac should now be free from adware, unwanted extensions, and other potentially harmful software.

If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future.
If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.

Run a Malware Scan with Malwarebytes for Android

Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smoothly.

  1. Download Malwarebytes for Android.

    You can download Malwarebytes for Android by clicking the link below.

    MALWAREBYTES FOR ANDROID DOWNLOAD LINK
    (The above link will open a new page from where you can download Malwarebytes for Android)
  2. Install Malwarebytes for Android on your phone.

    In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.


    When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.

  3. Follow the on-screen prompts to complete the setup process

    When Malwarebytes opens, you will see the Malwarebytes Setup Wizard, which will guide you through a series of permissions and other setup options.
    This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue.
    Tap on “Got it” to proceed to the next step.
    Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue.
    Tap on “Allow” to permit Malwarebytes to access the files on your phone.

  4. Update database and run a scan with Malwarebytes for Android

    You will now be prompted to update the Malwarebytes database and run a full system scan.


    Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.


  5. Wait for the Malwarebytes scan to complete.

    Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.

  6. Click on “Remove Selected”.

    When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.

  7. Restart your phone.

    Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.


When the scan is finished, remove all detected threats. Your Android phone should now be free of malicious apps, adware, and unwanted browser redirects.

If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future.
If you are still having problems with your phone after completing these instructions, then please follow one of the steps:

After cleaning your device, it’s important to protect it from future infections and annoying pop-ups. We recommend installing an ad blocker such as AdGuard. AdGuard blocks malicious ads, prevents phishing attempts, and stops dangerous redirects, helping you stay safe while browsing online.

The Bottom Line

The “Wells Fargo Suspicious Card Activity Detected” alert scam succeeds for one reason: it turns a normal fear into an urgent reaction.

The alert is fake. The phone number is a trap. The “support agent” is performing a script. And the remote access request is the moment where control shifts from you to them.

If you remember only one rule, make it this: never trust the contact method inside an unexpected alert. Hang up, close the message, and contact your bank using a number you already trust, like the number on the back of your card or the official app.

That small pause, that one extra verification step, is often the difference between a scary message and a real financial loss.

FAQ

Is the “Wells Fargo Suspicious Card Activity Detected” alert real?

In this scam version, no. Scammers imitate real fraud alerts to scare you into calling a fake number or clicking a phishing link. If you are unsure, verify by signing in through the official Wells Fargo app or calling the number on the back of your card, not the number in the message.

What is the biggest red flag?

Any request to install remote access software (like AnyDesk or similar) or to pay with gift cards. Real banks do not “secure” accounts by taking remote control of your device, and they do not accept gift cards for fraud cases.
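The “never trust the contact method inside an unexpected alert” rule from The Bottom Line and the red flags in the preceding answer can be written as a small triage check. This is an added example, not part of the original article: the trusted phone number is a constructed 555 placeholder for the number on the back of your card, `wellsfargo.com` as the official domain is an assumption supplied by the caller, and the keyword patterns and sample messages are illustrative.

```python
import re
from urllib.parse import urlparse

# Illustrative patterns (assumptions of this example, not an exhaustive list).
REMOTE_TOOLS = re.compile(r"\b(?:anydesk|teamviewer|remote\s+(?:access|control|desktop))\b", re.I)
GIFT_CARD = re.compile(r"\bgift\s*cards?\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")

# Constructed inputs: 555 placeholder numbers and a reserved .example host.
TRUSTED_NUMBERS = {"1-800-555-0100"}   # stands in for the number printed on your card
TRUSTED_DOMAINS = {"wellsfargo.com"}   # assumption: the bank's official domain
SAMPLE_ALERT = ("Wells Fargo: Suspicious card activity detected. Call (800) 555-0199 "
                "or verify at https://wellsfargo.com.secure-verify.example/login")
SAMPLE_FOLLOWUP = "To secure your account, install AnyDesk and pay the hold with gift cards."
SAMPLE_BENIGN = "Sign in at https://www.wellsfargo.com/ or call 1-800-555-0100"

def digits(number):
    """Reduce a phone number to its last 10 digits so formats compare equal."""
    return re.sub(r"\D", "", number)[-10:]

def host_trusted(host, trusted_domains):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted_domains)

def triage_alert(text, trusted_numbers, trusted_domains):
    """Return (finding, evidence) pairs for contact methods and requests to distrust."""
    findings = []
    trusted = {digits(n) for n in trusted_numbers}
    for m in PHONE_RE.finditer(text):
        if digits(m.group()) not in trusted:
            findings.append(("untrusted_phone", m.group()))
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        # A brand name at the start of a hostname proves nothing; only the
        # registered domain at the end of the hostname counts.
        if not host_trusted(host, trusted_domains):
            findings.append(("untrusted_link", host))
    for label, pattern in (("remote_access_request", REMOTE_TOOLS),
                           ("gift_card_payment", GIFT_CARD)):
        m = pattern.search(text)
        if m:
            findings.append((label, m.group()))
    return findings

if __name__ == "__main__":
    for msg in (SAMPLE_ALERT, SAMPLE_FOLLOWUP, SAMPLE_BENIGN):
        print(triage_alert(msg, TRUSTED_NUMBERS, TRUSTED_DOMAINS))
```

An empty result only means the message contains none of these specific markers; the safe path is still to contact the bank through the app or the number on your card.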

I called the number but did not install anything. Am I still at risk?

Possibly, but your risk is much lower. If you shared personal details, card information, or one-time passcodes, contact your bank right away and ask them to review recent activity and security changes.

What if I clicked the link and entered my login details?

Assume your credentials are compromised. Change your Wells Fargo password immediately from a trusted device, update your email password too, and contact the bank to secure the account and review transactions.

What should I do if I let them connect remotely?

Disconnect from the internet to break the session, uninstall the remote access tool, run a full security scan, and change your key passwords from a clean device. Then contact your bank to lock down your accounts.

Can I get money back if I paid with gift cards?

It is difficult, but act immediately. Contact the gift card issuer and report the scam. If the balance has not been used yet, they may be able to freeze remaining funds. Also file a report with the FTC and IC3.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

  1. Stop and verify before you click, log in, download, or pay.


    Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

    If you already clicked: close the page, do not enter passwords, and run a malware scan.

  2. Keep your operating system, browser, and apps updated.


    Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

    If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.

  3. Use layered protection: antivirus plus an ad blocker.


    Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

    If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.

  4. Install apps, software, and extensions only from official sources.


    Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

    If you already installed something suspicious: uninstall it, restart, and scan again.

  5. Treat links and attachments as untrusted by default.


    Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

    If you entered credentials: change the password immediately and enable 2FA.

  6. Shop safely: research the store, then pay with protection.


    Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

    If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.

  7. Crypto rule: never pay a “fee” to withdraw or recover money.


    Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

    If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.

  8. Secure your accounts with unique passwords and 2FA (start with email).


    Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

    If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.

  9. Back up important files and keep one backup offline.


    Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

    If you suspect infection: do not connect backup drives until the system is clean.

  10. If you think you are a victim: stop losses, document evidence, and escalate fast.


    Move quickly. Speed matters for disputes, account recovery, and limiting damage.

    • Stop payments and contact: do not send more money or respond to the scammer.
    • Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
    • Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
    • Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
    • Scan your device: remove suspicious apps or extensions, then run a full malware scan.
    • Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
    • Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
