Phishing alert for Chase Bank customers: Don't get scammed!
Whether you have an account with Chase Bank or not, this information will be valuable for you.Just today, I received an email that contained the following:
From: Chase Online
Date: Jan 21, 2007 7:56 PM
Subject: Five Questions Survey From Chase *
- It was sent to a person who's not even a customer of such bank.
- The email address from which it was sent does not correspond to a chase.com domain.
- They offer to reward you with "easy money", just by answering a questionnaire.
- The promise of keeping your information "anonymous" and "confidential"
- No name of any Chase executive or representative, nor a digital signature.
- A link to be redirected to a page outside the chase.com domain.
Now, if you clicked the link that they disclosed in the mail to answer the survey, you'd see a professionally designed page like the following (click to enlarge):
It does contain Chase's original logo and the color mix is similar to the one that Chase uses for its documents. However, you can note that the web address above hasn't anything to do with a chase.com domain whatsoever. Also, the survey is named Cash Online SM $50 Reward Survey. Do you know what does SM stand for? If you don't, me neither. It's gotta be something like Srade Mark, probably...
Scrolling down the page, you'd find nothing but a group of nonsense questions supposedly aimed to improve Chase's customer service. This is what you find at the bottom part of the fraudulent page (click to enlarge):
Although in the email they made a promise of keeping your information anonymous, the last part of the email is where you're supposed to enter all your personal information - including your debit and credit cards number, name as it appears on both cards, expiry dates, security code, and even your mother's maiden name (in countries like US and Canada, such datum is normally used as a hint to retrieve personal bank information through a phone number).
This is a typical 'phishing' case, in which one or many impostors, acting supposedly on behalf of a serious institution like Chase, try to obtain personal information on a selected victim. If the scam is successful to them, a person will type in all the required fields with private information such as credit card numbers and PINs. Such data will be used to withdraw money from the victim's account, to clone cards, or to perform purchases.
A serious bank will never request personal information (such as PINs or passwords) from its customers.