Friday, July 13, 2012

Phishing Email Wants Your Username and Password

Chase Did you get an email from Chase stating that they’ve locked your account due to suspicious failed login attempts and in order to “re-activate your online banking access” you will need to click their handy-dandy link & login to your account?

Don’t click any links, and definitely do NOT provide your Chase username and password.

Despite what the clean layout, Chase logo and bogus logins with IP addresses that match their location information may lead you to believe, that email did NOT come from Chase, but a cybercriminal looking for a quick buck.

Chase Phishing Email

From: Chase Online (
Subject: Verification of Recent Activities Required


URGENT: Verification of Recent Activities Required

Your Chase Bank Account

Dear Customer:

As part of our ongoing effort to protect your account and our relationship, we monitor your account for possible fraudulent activity. We need to confirm that you or someone authorized to use your account made the following sign in error attempt on your Chase Bank account:

1) Sign in Error Attempt was noticed and registered at Chantilly, Virginia United State on or around 2012-07-11 at 05:01AM.

2) Sign in Error Attempt was noticed and registered at Commack, New York United State on or around 2012-07-11 at 8:30PM.

3) Sign in Error Attempt was noticed and registered at Delray Beach, Florida United State on or around 2012-07-11 at 8:20PM.

4) Sign in Error Attempt was noticed and registered at, Egg Harbor Township, New Jersey, United States on or around 2012-07-11 at 6:39AM.

Please click on the link below to sign in correctly to re-activate your online banking access:

Your satisfaction is important to us, and we appreciate your prompt attention to this matter. If you already had the opportunity to discuss this matter with us, please disregard this message.

Thank you for being our customer.


Christopher J. Palumbo
Senior Vice President
Chase Fraud Prevention

E-mail Security Information
E-mail intended for: Addressed Chase Bank Customer.

If you are concerned about the authenticity of this message, please   click here   or call the phone number on the back of your debit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here.

Note:   If you are concerned about clicking links in this e-mail, the Chase Online services mentioned above can be accessed by typing   directly into your browser.

JPMorgan Chase Bank, N.A.

Update 7/18/12: Here's another phishing email I received today:

Subject: Irregular Activity Detected In Your Chase Account

Chase logo
You have received this email because you or someone had used your account from different locations.
For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your banking details.
To help speed up this process, please access the following link so we can complete the verification of
your JP Morgan Online® Banking Account registration information :

To get started, please click the link below:


JP Morgan® Banking Department

Upon clicking the link, victims of this scam will be redirected to a third-party website dressed up to look like – complete with a login form and all. (You can safely check out the page on phishtank.)

Naturally, any username and passwords submitted on the page will be sent off to the miscreants that setup this scam. I’ll leave it up to you to imagine what they might do with that information (sell it or use it).

What to Do If You Receive Chase Phishing Emails

Should a phisher cast their line into your email inbox, we recommend that you:

  • Do NOT click on any links within the email.

  • Do NOT provide your username and password – let alone any other personal or financial information.

  • Report the email to Chase by forwarding it to

  • Delete the email immediately.

As a side note, it's always a good idea to type the URL of the website you wish to visit directly into your browser's address bar (or use your browser bookmark) instead of clicking on email links. Doing so will help you easily side-step phishing attempts like this one.

If you know anyone that banks with Chase, be sure to give them a head’s up about this scam so they don’t fall for it.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment