Hello! I saw a thread from a couple of years ago about this issue. Thankfully, the workaround posted there is still working: Connect to “https://connect.secure.wellsfargo.com/auth/login/present” instead.

Tried to tell Wells themselves, but they only offer contact via phone calls during the week. Not worth the time to follow up when the workaround works. But, I’d image that they’d be concerned!

Anyway, same symptoms as a couple of years ago. When one tries going to https://www.wellsfargo.com, one gets the pop-up pictured below.

I have just tried the link to wellsfargo.com not the one to the login page and I had no problem connecting.

Hi dbrenn23,

Could be on your end, being a router/hub FON hack, see mentioned here:
https://www.virustotal.com/gui/url/68de7de79f1a289fabfe18d1e6988da175469a49cd0a5ea42a7c47ecca79526b/community
Signs of such a hack: https://www.highspeedinternet.com/resources/how-to-fix-a-hacked-router

Website has a grade A2 CSP, which is good. Kicks up a 307 when launched without https:

The server has previously indicated this domain should always be accessed via HTTPS (HSTS Policy per https://tools.ietf.org/html/rfc6797). Chrome has cached this internally, and did not connect to any server for this redirect. Chrome reports this redirect as a “307 Internal Redirect” which simply does not exist per https://tools.ietf.org/html/rfc7231#section-6.4.7 - however this probably would have been a “301 Permanent redirect” originally and the Google guys made fun of the webmaster community maybe. You can verify this by clearing your browser cache and visiting the original URL again. Please note that this is kind of a weird behavior and that Google even calls 307 redirects “a lie” in a post by John Muller titled “A search-engine guide to 301, 302, 307, & other redirects” at https://plus.google.com/+JohnMueller/posts/E4PqAhRJB2V - However server side 307 redirects do exist and we will show them. .

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)