• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » Phishing Email Impersonates Chase Fraud Alert

Phishing Email Impersonates Chase Fraud Alert

2020-07-15 by Keith Harlock

Chase Phishing Email

Chase Credit Card Phishing Email Sends Fake Fraud Alert

 A Chase credit card phishing email is making the rounds to inboxes. This email attack attempts to scare the recipient by sending them a fake fraud alert which asks them to verify a transaction. If the target is tricked, the phishing email attempts to steal the users’ payment information from a spoof web page.

The Chase phishing attack was reported by cyber security researchers at Darktrace. We also have one of these emails in our inbox.

Phishing Emails Use Scare Tactics

Phishing emails are designed to frighten the targeting into reacting without thinking. Often this is accomplished by scaring them with financial losses or blackmail.

In this phishing email scam, the victim is sent an email with a subject line claiming to be a  “Fraud Alert.” This is meant to alarm the recipient into opening the email and responding to the prompts. The body of the email lists a transaction dollar amount and vendor name. Of course, the recipient is not going to recognize the transaction because the threat actor fabricates it.

Motley Fool Buy Sign
Motley Fool Buy Sign

READ: Spear Phishing Email Scam Steals $389k from Shark Tank Host

Image Credit: AskCyberSecurity.com

The threat actors have taken great care to craft the email with Chase Bank branding. The email includes the Chase logo at the top and design elements matching the same color schemes Chase uses in their marketing collateral.

The Chase Bank phishing email asks the recipient if they recognize the fraudulent charge on their credit card account. The body of the email has two large buttons for the user to select depending they if recognize this fake credit card transaction. 

All Actions Lead to Phishing

Since the reader doesn’t recognize the transaction because it’s fabricated, they may act without thinking and choose “NO.”. The corresponding button that “NO” is colored red increasing the odds that the reader sees it and clicks it – all without taking the time to examine the email further.

The red button has text below it that informs the reader they will need to verify their credentials. Also tells them that chase will call them.

The reality is that it does not matter which button or link the reader clicks on. They all go to the same malicious web page.

All links in the body of the email and those at the bottom are all cloaked with a shortened URL. All links go to the same info stealing web page. The green “YES” button and the red “NO” button both take the user to the same spoofed web page. 

The customer service links at the bottom of the page which are placed to make the email notification appear more credible. The threat actors even go so far as to include a link to report suspicious emails. Just like all of the other links in the email, these links take the user to the credential phishing page.

JP Morgan Chase Bank, aka Chase Bank, is the second largest issuer of credit cards in the US. Although the phishing emails are not targeted at individuals, they are statistically likely to land in the inbox of a Chase cardholder.

According to a report by Darktrace, clicking on the links in the email redirects the victim to a spoof web page. The credential phishing web page is designed to look like an official Chase website. It prompts the reader to enter their username and password.

How to tell if this is a Chase credit phishing email

  • The Chase Phishing email does not use the customer’s name. It uses a generic greeting “Dear Customer.”
  • The copyright date shown at the bottom of the email is from last year.
  • Examine the sender’s email address carefully. The Chase Bank phishing email does not come from an official Chase Bank domain name. It doesn’t even come from an email address that remotely looks like it could be a Chase Bank email address.
  • Learn the difference between a friendly name in the email box theme how to spot a phishing email. 

THINK before you act. Examine the email sender, the contents of the email.

If you suspect fraud, then go to your bank’s website directly. Do NOT click on links in any financial account email.


When in doubt CALL your bank or credit card using the telephone number on the physical card (not listed in the email)

You may or may not actually have a Chase credit card account. There are many variations of credit cards administered by Chase Bank. Many of these cards are co-branded with airlines, retail stores, or other partners. Make sure any email notification matches your credit card type and issuer.

Read more from Darktrace

Filed Under: News Tagged With: phishing

About Keith Harlock

Keith has 30 years of experience managing staff for the planning and design of highway, bridge and transportation-related projects and specialty structures. Keith oversees the development of and authors numerous reports on a variety of topics related to transportation engineering and has worked with several key clients on projects related to infrastructure security. Keith is a licensed professional engineer in the State of New York, currently a State Board member of the American Council of Engineering Companies of New York and is a licensed commercial pilot with an instrument rating. He resides in Western New York.


LinkedInTwitter

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version