Chase Online Banking Phishing Scams
Date: 11 October 2007
Received from "firstname.lastname@example.org" <email@example.com>
Subject: Update Your Chase.com Account Information.
|JPMorgan | JPMorgan Chase|
Date: 16 September 2007
Received from Chase <firstname.lastname@example.org>
Subject: Your Account Was Hijacked
Dear Chase valued customer,
We recently noticed one or more attempts to log in your Chase account from a foreign IP address and we have reasons to believe that your account was hijacked by a third party without your authorization. If you recently accessed your account while traveling, the log in attempts may have initiated by you.
However if you are the rightful holder of the account, click on the link below and submit, as we try to verify your account.
Log on to Chase Internet Banking and fill in the required informations. This is required for us to continue to offer you a safe and risk free environment.
The log in attempt was made from:
IP address: 18.104.22.168
ISP host: 22.214.171.124.drmnet.org
If you choose to ignore our request, you leave us no choice but to temporally suspend your account.
We ask that you allow at least 48hrs for the case to be investigated and we strongly recommend not making any changes to your account in that time.
* Please do not respond to this email as your reply will not be received.
Thank you for your patience as we work together to protect your account.
Copyright © 2007 JPMorgan Chase & Co. All rights reserved.
The scammers who compiled this e-mail, clearly did not know what they were doing. First of all, what was supposed to be a spoofed chase.com e-mail address, ended up as a spoofed account-updates.com e-mail address. Secondly, the subject line is enough to give any Chase customer a heart attack, do you really think Chase will send e-mails like this to their clients? Finally read the following line again:
"...we have reasons to believe that your account was hijacked by a third party without your authorization"
Can you see how absurd this is? Since when do people authorise a third party to hijack their bank accounts?
"However if you are the rightful holder..."
This is just as absurd as the previous line. Which bank will send someone an e-mail, if they are not even sure whether this intended recipient is the rightful account holder or not? Only a bank run by dumb phishing scammers will do things like this.