Don’t click any links, and definitely do NOT provide your Chase username and password.
Despite what the clean layout, Chase logo and bogus logins with IP addresses that match their location information may lead you to believe, that email did NOT come from Chase, but a cybercriminal looking for a quick buck.
From: Chase Online (firstname.lastname@example.org)
Subject: Verification of Recent Activities Required
URGENT: Verification of Recent Activities Required
Your Chase Bank Account
As part of our ongoing effort to protect your account and our relationship, we monitor your account for possible fraudulent activity. We need to confirm that you or someone authorized to use your account made the following sign in error attempt on your Chase Bank account:
1) Sign in Error Attempt was noticed and registered at 220.127.116.11. Chantilly, Virginia United State on or around 2012-07-11 at 05:01AM.
2) Sign in Error Attempt was noticed and registered at 18.104.22.168. Commack, New York United State on or around 2012-07-11 at 8:30PM.
3) Sign in Error Attempt was noticed and registered at 22.214.171.124 Delray Beach, Florida United State on or around 2012-07-11 at 8:20PM.
4) Sign in Error Attempt was noticed and registered at 126.96.36.199, Egg Harbor Township, New Jersey, United States on or around 2012-07-11 at 6:39AM.
Please click on the link below to sign in correctly to re-activate your online banking access:
Your satisfaction is important to us, and we appreciate your prompt attention to this matter. If you already had the opportunity to discuss this matter with us, please disregard this message.
Thank you for being our customer.
Christopher J. Palumbo
Senior Vice President
Chase Fraud Prevention
E-mail Security Information
E-mail intended for: Addressed Chase Bank Customer.
If you are concerned about the authenticity of this message, please click here or call the phone number on the back of your debit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here.
Note: If you are concerned about clicking links in this e-mail, the Chase Online services mentioned above can be accessed by typing www.chase.com directly into your browser.
JPMorgan Chase Bank, N.A.
Update 7/18/12: Here's another phishing email I received today:
Subject: Irregular Activity Detected In Your Chase Account
You have received this email because you or someone had used your account from different locations.
For security purpose, we are required to open an investigation into this matter.
In order to safeguard your account, we require that you confirm your banking details.
To help speed up this process, please access the following link so we can complete the verification of
your JP Morgan Online® Banking Account registration information :
To get started, please click the link below:
JP Morgan® Banking Department
Upon clicking the link, victims of this scam will be redirected to a third-party website dressed up to look like Chase.com – complete with a login form and all. (You can safely check out the page on phishtank.)
Naturally, any username and passwords submitted on the page will be sent off to the miscreants that setup this scam. I’ll leave it up to you to imagine what they might do with that information (sell it or use it).
What to Do If You Receive Chase Phishing Emails
Should a phisher cast their line into your email inbox, we recommend that you:
- Do NOT click on any links within the email.
- Do NOT provide your Chase.com username and password – let alone any other personal or financial information.
- Report the email to Chase by forwarding it to email@example.com.
- Delete the email immediately.
As a side note, it's always a good idea to type the URL of the website you wish to visit directly into your browser's address bar (or use your browser bookmark) instead of clicking on email links. Doing so will help you easily side-step phishing attempts like this one.
If you know anyone that banks with Chase, be sure to give them a head’s up about this scam so they don’t fall for it.
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.