Caught in the payment fraud net: when, not if?
Cybercrime | News | Scams

Irregular Activities On Your Account: A‏ Chase Bank Phish

Posted: December 11, 2014 by Christopher Boyd

From the spam traps: a fake Chase Bank “Security Warning” email, claiming to have noticed something peculiar going on with your account.

Phishing email

The mail reads as follows: 

SECURITY MESSAGE - Irregular Activities On Your Account‏
Dear Chase Online Customer,
We're currently upgrading our systems to bring enhanced features to your Online Banking experience. As a result, your account is temporarily unavailable.
Please download the file attached and upgrade your account to our new Online Banking system.
Note: fail to upgrade your account, it will be automatically closed.
After this step, you are permitted to access your Online Banking System.
Sincerely, Customer Service Team.
E-mail Security Information E-mail intended for your account suspicious.
Note: If you fail to verify your account, it will be automatically closed. After this step, you are permitted to access your Online Banking System.
ABOUT THIS MESSAGE: This service message was delivered to you as a Chase Bank customer to provide you with account verification needed. If you want to contact Chase, please do not reply to this message. For faster verification update, please download and verify your account. Replies to this message will not be read or responded to.

The mail comes with an attachment called Chase_OnlineBanking.html, and it asks for a rather sizable chunk of personal information including User ID, password, full name, home address, city, state, zip, home / mobile phone, email address AND email password.

As for payment details, they want ATM / debit card number, CVV, ATM pin, expiration date, checking / savings account number and account routing number.

Anybody caught out by this is not going to have a good day – please avoid all banking emails which come with attachments asking for payment and / or personal information. If in doubt, give your bank a call first and have them confirm that shenanigans are taking place. Scammers attempting to snare unsuspecting victims with HTML attachments is not a new trick, but it could prove very costly for anybody unfortunate enough to fall for it.

Christopher Boyd

RELATED ARTICLES

Fishing in a lake
Cybercrime

Law enforcement reels in phishing-as-a-service whopper

April 18, 2024 - A major international law enforcement effort has disrupted the notorious LabHost phishing-as-a-service platform.

CONTINUE READING 0 Comments
Cerebral logo
News | Privacy

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

April 18, 2024 - The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.

CONTINUE READING 0 Comments
JuicyFields investment scam
News | Scams

Cannabis investment scam JuicyFields ends in 9 arrests

April 18, 2024 - JuicyFields was an investment scam that urged victims to invest in cannabis production.

CONTINUE READING 0 Comments
A mobile phone in the hands of a young woman in a dark colored t-shirt.
Privacy

Should you share your location with your partner?

April 17, 2024 - Location sharing is popular among couples. But is it something you want in your own relationship?

CONTINUE READING 0 Comments
Giant Tiger logo
News | Personal

Giant Tiger breach sees 2.8 million records leaked

April 16, 2024 - A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Christopher Boyd

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams