Suspicious activity or suspicious email? Chase Bank customers are being targeted in the latest email phishing scam, now being blocked by MailGuard, which claims access to your account has been limited due to suspicious activity. The intention of the email is to capture a broad range of private information, such as login credentials for both online banking and email, and several personal details, including date of birth, address, mother’s maiden name, credit card details, PIN number, plus much more.
The scam email subject stating ‘Login Required for –‘, comes from the email address ‘info(at)ywxtqq(dot)com’ and shows ‘CHASE SUPPORT ONLINE’ as the display name.
While the format and footnotes of the email appear to be similar to what you could expect from Chase Bank, a key red flag within the text itself is the use of the generic greeting ‘ Dear Chase OnlineSM Customer’, rather than one that’s personalised with your name. The email then continues to explain that your account has been restricted due to suspicious activities, and asks recipients to review the activity by clicking on a link
Here is what the email looks like:
After clicking the link, customers are taken to a phishing page which is almost identical to the real Chase Online login page, the only exception being the website URL, which makes no mention of Chase and is hosted on fleek(dot)co. Here, you’re instructed to enter your username and password for your Chase Online account.
Once you’ve ‘signed in’, you’re taken to an email authentication page titled ‘For Your Protection’, which asks you to enter your email address and the password used for this. For the record, your bank will never ask for passwords that are used externally.
You are then requested to verify your personal details, including:
- First and Last name (as shown on your government ID)
- Date of birth
- Social Security number
- Issuing state
- Street address
- Phone number, and
- Carrier PIN
On the next page, you’re asked to enter your:
- Credit Card number
- Expiration date
- CVV number
- Mother’s Maiden Name, and
- ATM PIN
On the final screen, you receive confirmation that your account has been restored, and you're then redirected to a legitimate Chase webpage.
The data requested in this phishing scam is scarily in-depth and will give the cybercriminals access to your online banking, credit card, email account, and more. What data isn’t used for the fraudsters personal gain will likely be harvested and sold off.
It’s important to stay alert when you receive emails such as this. Make sure to check ‘from’ email addresses, sender names, and keep an eye out for generic greetings and grammatical errors. If you’re unsure about links within an email, you can hover your cursor over the hyperlinked text and the true destination will show in a pop-up.
MailGuard urges users not to click links or open attachments within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from, and/or
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.