PHISHING SCAM claiming to be from CHASE BANK

[Dee Jay]

If you bank at Chase (formerly Bank One and several others that have been "absorbed" over the years) and receive an e-mail like this DO NOT RESPOND to it. It is a SCAM and they will use your personal info to access your accounts. Your bank would NEVER send you a message like this.

By the way, does anyone know who I can forward this scam to in the world of technology? I know there is a organization that I should report this to, but I don't know who. (Leonid, oh guru of the internet - any ideas on where to send this?) Maybe I should forward it to Chase, but it's such a big organization that I would not have the first clue where to direct it.

Interestingly enough I called the phone number in the e-mail and it is for Washington Mutual. I did not click on the link provided (I'm curious, but not STUPID) so I can't tell you where that goes.

Here is the E-mail:


Dear Chase Customer

Thank you for submitting the requested information about your account. We have compared the information that you have supplied and the ATM Pin number is not the same as the one in our records.

To ensure that your account is not compromised please login to Chase Internet Banking by clicking this link, verify your identity, your account information and supply a valid ATM Pin number in order to get your acount reactivated by our system.

- Click on: https://chaseonline.chase.com/colappmgr/prospect?_nfpb=true&_pageLabel=page_logonform
- Enter your personal information and supply a valid ATM Pin number.
- Verify your identity with Chase

If at any time you require assistance, please contact our Online Account Services customer hotline at 1-800-788-7000 24 hours a day, 7 days a week.

Thank you for using Chase Online Account Services.

Sincerely,
Genevieve Smith - Chase Security Department

 

[belle]

report to the ftc: http://www.consumer.gov/idtheft/
the fbi''s internet crime complaint center: http://www.ic3.gov/

 

[Dee Jay]

Bell - thanks so much for the info!

 

[Gemklctr]

Good catch. Never click on a link when intending to enter sensitive financial or personal info. ALWAYS open up a new window and type in your known URL for the site you want to reach. Asking you to click on a link as in the Chase email is a sure sign of a phishing scam.

However, beware of a recent ebay/PayPal phishing email that directs you to type in your own URL, but also provides a link. I assume they believe some people will be reassured by the text and just click on the link for convenience after having been lulled into a false sense of security.

 

[MissAva]

I am in the school comp lab and I am not a Chase customer so I clicked on the link. I got the 404 not found bit. Just a little FYI in case you were curious.

 

[Dee Jay]

GK - Forgive me for exhibiting total technical ingorance here, but does typing the URL into a new window take you to a different "place" than clicking on a link? And what if you copy the link into a new URL - where does that take you?

 

[FireGoddess]

Good to know, thanks for posting this!

 

[MissAva]

[email protected] url]"> to send the email to chase.

 

[Dee Jay]

Matatora - thanks for this e-mail address for Chase. I looked all over their site and couldn''t figure out where to send it!

 

[belle]

Date: 2/9/2006 11:20:25 AM
Author: Dee Jay
GK - Forgive me for exhibiting total technical ingorance here, but does typing the URL into a new window take you to a different ''place'' than clicking on a link? And what if you copy the link into a new URL - where does that take you?

if you know the url of the place that you want to go i.e. ''pricescope'' you can type in the url www.pricescope.com to be sure that is where you are going. if you click on the link they provide i.e. www.pricescope.com (click the link!) you could be taken anywhere they want you to go. this is usually a site set up to look just like the original. copy and pasting would take you to the spoof site as well. the safest thing to do is type in the link rather than clicking on it if you are unsure.

 

[Dee Jay]

Belle - that makes sense (and I feel stupid for not being able to reason that out on my own! Did I mention that technology is not my forte?!?)

 

[belle]

you are very smart... you did not click the link in the email! that is what is most important.

 

[Mara]

you don't need to click on anything to figure out if it's a scam. you can typically just roll your mouse over the links in the email and they will look suspect like be a ip # like 204.83.30.301 or something or say something even more sketchy or have an overseas ending to the ip like .jp or .kr or something like that.

bottom line is 99% of those things are junk email and scams. i get alot of them every day, right now i am getting the paypal one (your paypal account has been accessed!) almost daily.

just send them to [email protected] (chase.com, paypal.com, ebay.com etc) or [email protected] (same), most large companies have email addresses set up for one or both of those to catch these emails from you. they will investigate it and typically shut down the individuals but there is always another one where that came from.

recently i had one that looked real, maybe from chase or something. but i went into chase directly, and accessed my account and it looked fine.

if you ever get one of those, DONT CLICK, just go directly to chase.com or paypal.com or whatever the phishing email was and login the way you normally do. if your account is really red-flagged, it will say so.

there are so many of these types of emails at any given day of the week, it's insane! just never click.

 

[icefisher]

Last week I got several just like the Chash phish, from Comerica bank, which is a local (i.e. midwest) bank.

I recognized it immediately because I closed my account with them back when I was 12 and had a paper route, and they wanted to charge me extra for depositing so many singles....

Mike

 

[Gemklctr]

Date: 2/9/2006 11:30:33 AM
Author: belle

Date: 2/9/2006 11:20:25 AM
Author: Dee Jay
GK - Forgive me for exhibiting total technical ingorance here, but does typing the URL into a new window take you to a different ''place'' than clicking on a link? And what if you copy the link into a new URL - where does that take you?

if you know the url of the place that you want to go i.e. ''pricescope'' you can type in the url www.pricescope.com to be sure that is where you are going. if you click on the link they provide i.e. www.pricescope.com (click the link!) you could be taken anywhere they want you to go. this is usually a site set up to look just like the original. copy and pasting would take you to the spoof site as well. the safest thing to do is type in the link rather than clicking on it if you are unsure.

Thanks for responding Belle. i just got back online (got to work sometime). Just to add without being technical, the problem is that the "www.pricescope.com" you see in the email is not representative of the actual Pricescope URL - which is just a set of numbers - but if you type it in yourself your own Internet service will recognize those letters as corresponding to the real site. The phisher hides the real address of its site under a false name in the link, or makes such subtle changes in the name that they are very hard to spot.