Scam of the day – November 18, 2016 – Yet another Chase phishing scam

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase Bank.  I have taken out the name of the addressee, but it was directed to the email address of the person receiving the email.  I also have removed the link directing the person to click on to receive an important security message.  Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.   As so often is the case with these type of phishing emails, it does not contain your account number in the email.  It carries a legitimate looking Chase logo, but that is easy to counterfeit.

Chase logo

Dear ******************

You have 1 new Security message From Chase Online Bank.

Click your email here to view the message *****************

As this e-mail is an automated message, we can’t reply to any e-mails sent by return.

JPMorgan Chase Bank, N.A. Member FDIC
©2016 JPMorgan Chase & Co

TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would direct the email to you by name rather than directing it to your email address.   As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number.

Scam of the day – September 10, 2016 – A new Chase phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which  download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase Bank.  DO NOT CLICK ON THE LINK.  Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good.  It looks legitimate.  However, the email address from which it was sent is that of an individual totally unrelated to Chase and is most likely the address of an email account of someone whose email account was hacked and made a part of a botnet of computers used by scammers to send out phishing emails.   The grammar and spelling is good, but a minor flaw is the inconsistent capitalization in the phrase, “All Rights reserved.” Also, as so often is the case, the email is not directed to you by name and does not contain your account number in the email.  It carries a legitimate looking Chase logo, but that is easy to counterfeit.

Chase logo

Chase Bank Online® Department Notice:

Your online account has been suspended (Reason: the violation of terms of service).
Update and Restore your online account Now
Log On
Thank you for using Chase Bank.
Member FDIC © 2016 Chase Bank Financial Corporation. All Rights reserved.
TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Legitimate credit card companies would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email has no salutation whatsoever.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number.

Scam of the day – March 16, 2016 – New Chase phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Here is a copy of a new phishing email that appears to come from Chase bank that is presently circulating.  DO NOT CLICK ON THE LINK.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond.

Dear Chase customer:

As part of our commitment to help keep your account secure, 
we have detected an irregular activity on your account and we are placing a hold on your account for your protection.
 

Please visit the confirmation of accounts system
www.chase.com

Please enter your information carefully


Sincerely, 

Chase Online Banking Team 

 

 

ABOUT THIS MESSAGE:

We sent this email from an unmonitored mailbox. Go to chase.com/CustomerService to find the best way to contact us.

Your privacy is important to us. See our online Security Center to learn how to protect your information. Chase Privacy Operations, PO Box 659752, San Antonio, TX 78265-9752.

© 2016 JPMorgan Chase Bank, N.A. Member FDIC

TIPS

There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email.  The email address from which it was sent has nothing to do with Chase, but most likely was from a hacked email account that is a part of a botnet of computers controlled remotely by the scammer.  In addition, legitimate credit card companies would refer to your specific account number in the email.  They also would not use the generic greeting “Dear Chase Customer,” but would rather specifically direct the email to you by your name.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number on the back of your credit card where you can confirm that it is a scam and make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number.

Scam of the day – February 11, 2016 – Chase email phishing scam

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  Here is a copy of a new phishing email that appears to come from Chase bank that is presently circulating. DO NOT CLICK ON THE LINK.

“Dear  User,
Your account requires verification due to our recent upgrade. It is mandatory that you confirm your details through our secure link below.

Chase/Connect
Thank you for your co-operation.

Sincerely Yours,

Chase Center© 2016 JPMorgan Chase & Co”

TIPS

An indication that this is a phishing email is that the email address from which it was sent had nothing to do with Chase, but most likely was from a computer that was part of a botnet of computers controlled remotely by the scammer.  In addition, legitimate credit card companies would refer to your specific account number in the email.  They also would not use the generic greeting “Dear User,” but would rather specifically direct the email to you by your name.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number on the back of your credit card where you can confirm that it is a scam.

Scam of the day – November 12, 2015 – New Chase phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  Here is a copy of a new phishing email that appears to come from Chase bank that is presently circulating.  This particular one came with quite good looking graphics and a Chase logo, but it is a scam.
“Confirmation of Recent Account Activity –
Unable to Contact You- Action Required
Your Account Ending in *46*

Dear Customer:

As part of our commitment to help keep your account secure, we routinely verify activity that seems unusual based on your general account usage. We called you to help us verify recent activity, but we weren’t able to reach you.  If you’ve already taken the required action about this recent activity, there’s nothing you need to do at this time. Otherwise, we ask that you Follow the next required action: •Log in to your account now and follow the instructions..Click here
We are here to assist you anytime. Your account security is our priority. Thank you for choosing Chase.

Sincerely,
Chase Fraud Department

Is your contact information current? Make sure we can reach you if we notice suspicious activity on your account. Update your information by logging into your account at Click here.

ABOUT THIS MESSAGE:
This service message was delivered to you as a Chase customer to provide you with account updates and information about your card benefits. Chase values your privacy and your preferences.

If you want to contact Chase, please do not reply to this message, but instead go to Click here. For faster service, please enroll or log in to your account. Replies to this message will not be read or responded to.

Your personal information is protected by state-of-the-art technology. For more detailed security information, view our Online Privacy Policy. To request in writing: Chase Privacy Operations, PO Box 659752, San Antonio, Texas 78265-9752

© 2015 JPMorgan Chase & Co. ”

TIPS

An indication that this is a phishing email is that the email address from which it was sent had nothing to do with Chase, but most likely was from a computer that was part of a botnet of computers controlled remotely by the scammer.  In addition, legitimate credit card companies do not refer merely to the last two digits of your account in emails, but instead refer to the last four digits.  They also would not use the generic greeting “Dear Customer,” but would rather specifically direct the email to you by your name.  As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number on the back of your credit card where you can confirm that it is a scam.

 

Scam of the day – February 23, 2015 – Chase Online bill pay scam

Today’s Scam of the day comes from my own email, however, I am sure many of you have received this, as well.  It is a phishing email that is intended to lure the recipient into providing personal information that will be used to make that person a victim of identity theft.  As typical with this type of phishing email, it is intended to make you think there is an emergency to which you must respond.  It looks pretty official, but there are some telltale signs that it is a scam.  First, is that although I did not include the email address of the sender, the email address is that of a private individual, not Chase although often identity thieves will use email addresses that appear to be official.  In this case, undoubtedly the email address used is part of a botnet whereby identity thieves have infiltrated the computers of innocent victims and then use their computers and email accounts to send out the fraudulent email.  Another telltale sign is that the email is directed to me, not by name, but rather as “Dear Customer.”   However, even if the email was directed to you by name, you couldn’t trust it because when JP Morgan Chase was hacked in the last year, the hackers stole names and email addresses.   Finally, the email appears to have been sent by Christopher Polumbo.  Christopher Palumbo is a Vice President at Chase, however, the email to me misspells his name.  However, it is easy to see how people would fall for this scam and provide the information that would enable an identity thief to gain access to your account.

Here  is a copy of the email I received.

“Dear Customer, 
We are writing to let you know that the service(s) listed below will be deactivated and deleted if your profile is not verified within 7 business days. Previous notifications have been sent to the Billing Contact assigned to your account.
As the Primary Contact, you must renew the service(s) listed below:

SERVICE: Chase Online and Bill Pay services. 
What you need to do:

1. Log in to your account through our enhanced security server www.Chase.comby clicking the URL.
2. 
Enter your user ID and Password (that you selected during the online enrollment process). 
3. 
Enter the requested information and your Chase Online and Bill Pay services will be renewed. 
If you have not signed up for online access, you can enroll easily by clicking “Enroll” at the bottom of the Login page. 
Please do not reply to this message directly but click on the URL. For questions, please call Customer Service at the number on the back of your card. We are available 24 hours a day, 7 days a week.

Sincerely,

Christopher Polumbo
Chase Online(SM)
Fraud Prevention Team

This site is directed at persons in the United States only. Persons outside the United States may visit International Banking . 
Links to third party sites are provided for your convenience by JPMorgan Chase. JPMorgan Chase neither endorses nor guarantees any offerings of the third party providers, nor does JPMorgan Chase make any representation or warranty of any kind about the content, use of or inability to use, the third party sites.

© JPMorgan Chase Bank, N.A. Member FDIC ©2015 JPMorgan Chase & Co.; Co”

TIPS

As I have warned you many times, you should never click on links in emails or text messages or provide information in response to such emails or text messages unless you have absolutely confirmed that the communication is legitimate, which is easy to do by merely contacting the company.  In this case, you could just contact Chase at the telephone number on your credit card or bank statement.  Providing information without confirming that the communication is legitimate gives the identity thief all that they need to make you a victim of identity theft.  In other variations of this phishing email, merely by clicking on the links provided will result in keystroke logging malware being downloaded on to your computer which can steal your personal information from your computer and then enable its use for purposes of identity theft.  Even if you have good security software installed on your computer or other electronic device, as you should, this may not protect you from keystroke logging malware because the latest malware is always at least a month ahead of the latest security software updates.  Remember my motto, “Trust me, you can’t trust anyone.”

As for this particular Chase phishing email, if you receive it, Chase requests that you forward it to them at abuse@chase.com.