Monday, January 22, 2007

Phishing alert for Chase Bank customers: Don't get scammed!

Whether you have an account with Chase Bank or not, this information will be valuable for you.
Just today, I received an email that contained the following:

From: Chase Online
Date: Jan 21, 2007 7:56 PM
Subject: Five Questions Survey From Chase *

You have been chosen by Chase Bank to take part in our quick and easy 5 question online survey. In return we will credit $50 to your ATM/Debit card account - Just for your time!
Helping us better understand how our customers feel benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our online service.
The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party groups.
It will be stored in our secure database for maximum of 3 days while we process the results of this survey
We kindly ask you to spare two minutes of your time in taking part with this unique offer !!!
To take the survey click on :

Many thanks - Chase Bank Customer Department.

Obviously, Chase Bank is a serious institution that wouldn't ever send to any customer this kind of mail. If you analyze it thoroughly, you'll see that this message has all the features that you could expect from a fraudulent email:
  • It was sent to a person who's not even a customer of such bank.
  • The email address from which it was sent does not correspond to a domain.
  • They offer to reward you with "easy money", just by answering a questionnaire.
  • The promise of keeping your information "anonymous" and "confidential"
  • No name of any Chase executive or representative, nor a digital signature.
  • A link to be redirected to a page outside the domain.
Now, if you clicked the link that they disclosed in the mail to answer the survey, you'd see a professionally designed page like the following (click to enlarge):
It does contain Chase's original logo and the color mix is similar to the one that Chase uses for its documents. However, you can note that the web address above hasn't anything to do with a domain whatsoever. Also, the survey is named Cash Online SM $50 Reward Survey. Do you know what does SM stand for? If you don't, me neither. It's gotta be something like Srade Mark, probably...
Scrolling down the page, you'd find nothing but a group of nonsense questions supposedly aimed to improve Chase's customer service. This is what you find at the bottom part of the fraudulent page (click to enlarge):

Although in the email they made a promise of keeping your information anonymous, the last part of the email is where you're supposed to enter all your personal information - including your debit and credit cards number, name as it appears on both cards, expiry dates, security code, and even your mother's maiden name (in countries like US and Canada, such datum is normally used as a hint to retrieve personal bank information through a phone number).
This is a typical 'phishing' case, in which one or many impostors, acting supposedly on behalf of a serious institution like Chase, try to obtain personal information on a selected victim. If the scam is successful to them, a person will type in all the required fields with private information such as credit card numbers and PINs. Such data will be used to withdraw money from the victim's account, to clone cards, or to perform purchases.
A serious bank will never request personal information (such as PINs or passwords) from its customers.
To obtain more information about Chase's advisory on fraudulent emails, please click here, visit Chase's website at, or contact your bank.
Good day!


Post a Comment

Subscribe to Post Comments [Atom]

<< Home