Today’s Scam of the day actually combines two areas of current scams, namely phishing emails and Peer to Peer Payment Service such as Zelle. Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new. They are a staple of identity thieves and scammers and with good reason because they work. Reproduced below is a copy of a new phishing email presently circulating that appears to come from Chase Bank.
Chase is a popular target for this type of phishing email because it is one of the largest banks in the United States. Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond. As phishing emails go, this one is pretty good. It looks legitimate and the version appearing in your email comes with a legitimate appearing Chase logo. As so often is the case with these type of phishing emails, it does not contain your account number in the email nor is it personally addressed to the receiver of the email, but merely uses your email address. This particular phishing email was provided by a loyal Scamicide reader.
Peer to Peer Payment Payment Services (P2P) such as Zelle, Venmo, ApplePay, PayPal, Square Cash and PopMoney are popular ways to quickly and conveniently send money electronically from your credit card or bank account. These services are used by ninety million Americans. These services also provide easy ways to be scammed and unlike scams targeting your credit cards directly, you may not have as much protection under the law to get your money back if you do get scammed. Zelle which originated in 2017 is operated by a consortium of banks and appears on your mobile banking app. Sending money through Zelle only requires you to enter the recipient’s phone number or email address. In addition to scammers luring their victims to pay for worthless items through P2P services, scammers have also been sending phishing emails and text messages in which they lure their victims into providing their Zelle usernames, passwords and PINs to take over their victims’ bank accounts through their Zelle accounts. Chase Bank does provide access to Zelle so this phishing email could appear legitimate if you had a Zelle account with Chase.
Here is a copy of the Chase phishing email presently being circulated.
There are a number of indications that this is not a legitimate email from Chase, but instead is a phishing email. Most notably, the email address from which this phishing email was sent has no relation to Chase. Most likely it is part of a botnet of infected zombie computers used by scammers to send out such phishing emails. It is also important to note that although the email contained a legitimate appearing Chase logo, such logos are very easy to counterfeit. As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony website where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft. If you hover your mouse over the links to “Approve Payment,” “Decline Payment” or “chasecom/cardhelp” you would see that if you clicked on those links you would be sent to websites that have nothing to do with Chase. I have disarmed those links in the above copy of the email for your safety.
If you receive an email like this and think it may possibly be legitimate, merely call the customer service number where you can confirm that it is a scam, but make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for financial companies, such as Chase to trap you if you make a mistake in dialing the real number. Alternatively you can go to http://www.chase.com to check on your account.
Before signing up for any P2P service, you should familiarize yourself with their fraud protection rules. In the fine print of many P2P services, you may find that you have little, if any, protection if you use the account to purchase something that ends up to be a scam. While PayPal offers significant protection from fraudulent transactions, Zelle and Venmo, for example do not offer such protection, which is why these services should never be used for commercial transactions, but only to transfer small amounts of money to people you know. In order to protect your account from being hacked and being taken over by a scammer who could access your credit card or bank account, you should use a PIN or other dual factor authentication whenever your particular service provides for it. In addition if your account is tied to a credit card, you should be able to get the amount fraudulently taken refunded from your credit card company in accordance with federal law and if it is tied to a bank account, you should be able to get the money refunded if you report it immediately pursuant to the Electronic Transfer Act. However, any delay in reporting the fraud from your bank account could cost you dearly.
To avoid having your Zelle account and other accounts from being taken over by hackers, never provide your username, password or PIN in response to any email, text message or phone call unless you have absolutely confirmed that the request for this information is legitimate, which it never is. You can confirm this by contacting your bank or other company by calling them at a telephone number you know is accurate. Even if you get a call that appears to come from your bank or other company with which you do business, your Caller ID can be tricked by spoofing to make the call appear legitimate when it is not.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/