• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
      • Identity theft
    • Malware
      • Ransomware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
AskCyber Home » News » News » Phishing Email Impersonates Chase Fraud Alert

Phishing Email Impersonates Chase Fraud Alert

2020-07-15 by Keith Harlock

Chase Phishing Email

Chase Credit Card Phishing Email Sends Fake Fraud Alert

 A Chase credit card phishing email is making the rounds to inboxes. This email attack attempts to scare the recipient by sending them a fake fraud alert which asks them to verify a transaction. If the target is tricked, the phishing email attempts to steal the users’ payment information from a spoof web page.

The Chase phishing attack was reported by cyber security researchers at Darktrace. We also have one of these emails in our inbox.

Phishing Emails Use Scare Tactics

Phishing emails are designed to frighten the targeting into reacting without thinking. Often this is accomplished by scaring them with financial losses or blackmail.

In this phishing email scam, the victim is sent an email with a subject line claiming to be a  “Fraud Alert.” This is meant to alarm the recipient into opening the email and responding to the prompts. The body of the email lists a transaction dollar amount and vendor name. Of course, the recipient is not going to recognize the transaction because the threat actor fabricates it.

Motley Fool Buy Sign
Motley Fool Buy Sign

READ: Spear Phishing Email Scam Steals $389k from Shark Tank Host

Image Credit: AskCyberSecurity.com

The threat actors have taken great care to craft the email with Chase Bank branding. The email includes the Chase logo at the top and design elements matching the same color schemes Chase uses in their marketing collateral.

The Chase Bank phishing email asks the recipient if they recognize the fraudulent charge on their credit card account. The body of the email has two large buttons for the user to select depending they if recognize this fake credit card transaction. 

All Actions Lead to Phishing

Since the reader doesn’t recognize the transaction because it’s fabricated, they may act without thinking and choose “NO.”. The corresponding button that “NO” is colored red increasing the odds that the reader sees it and clicks it – all without taking the time to examine the email further.

The red button has text below it that informs the reader they will need to verify their credentials. Also tells them that chase will call them.

The reality is that it does not matter which button or link the reader clicks on. They all go to the same malicious web page.

All links in the body of the email and those at the bottom are all cloaked with a shortened URL. All links go to the same info stealing web page. The green “YES” button and the red “NO” button both take the user to the same spoofed web page. 

The customer service links at the bottom of the page which are placed to make the email notification appear more credible. The threat actors even go so far as to include a link to report suspicious emails. Just like all of the other links in the email, these links take the user to the credential phishing page.

JP Morgan Chase Bank, aka Chase Bank, is the second largest issuer of credit cards in the US. Although the phishing emails are not targeted at individuals, they are statistically likely to land in the inbox of a Chase cardholder.

According to a report by Darktrace, clicking on the links in the email redirects the victim to a spoof web page. The credential phishing web page is designed to look like an official Chase website. It prompts the reader to enter their username and password.

How to tell if this is a Chase credit phishing email

  • The Chase Phishing email does not use the customer’s name. It uses a generic greeting “Dear Customer.”
  • The copyright date shown at the bottom of the email is from last year.
  • Examine the sender’s email address carefully. The Chase Bank phishing email does not come from an official Chase Bank domain name. It doesn’t even come from an email address that remotely looks like it could be a Chase Bank email address.
  • Learn the difference between a friendly name in the email box theme how to spot a phishing email. 

THINK before you act. Examine the email sender, the contents of the email.

If you suspect fraud, then go to your bank’s website directly. Do NOT click on links in any financial account email.


When in doubt CALL your bank or credit card using the telephone number on the physical card (not listed in the email)

You may or may not actually have a Chase credit card account. There are many variations of credit cards administered by Chase Bank. Many of these cards are co-branded with airlines, retail stores, or other partners. Make sure any email notification matches your credit card type and issuer.

Read more from Darktrace

Filed Under: News Tagged With: phishing

About Keith Harlock

Keith has 30 years of experience managing staff for the planning and design of highway, bridge and transportation-related projects and specialty structures. Keith oversees the development of and authors numerous reports on a variety of topics related to transportation engineering and has worked with several key clients on projects related to infrastructure security. Keith is a licensed professional engineer in the State of New York, currently a State Board member of the American Council of Engineering Companies of New York and is a licensed commercial pilot with an instrument rating. He resides in Western New York.


LinkedInTwitter

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

511 Tactical

WHAT TO SHOP NOW

Shop

Safeguard Your Money with a VPN

Beat the Stock Market! - Get Rule Breakers!

Malwarebytes Anti-Virus is On Sale!

Shop Kaspersky Anti-Virus

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Fake eBay Notification Scam Steals Big Money

Principal Security Consultant – AWS

NJCCIC Announces Alice in Cyberspace 2021

Email Service Cuts Off Gun Rights Nonprofit

Security Engineer – Amazon

Categories

Cyber Security News

Fake eBay Notification Scam Steals Big Money

… [Read More...] about Fake eBay Notification Scam Steals Big Money

NJCCIC Announces Alice in Cyberspace 2021

… [Read More...] about NJCCIC Announces Alice in Cyberspace 2021

PayPal Phishing Scam Steals Accounts

… [Read More...] about PayPal Phishing Scam Steals Accounts

Gun Forum Booted by Domain Registrar

… [Read More...] about Gun Forum Booted by Domain Registrar

More Cyber Security News

Tags

amazon Android Apple bitcoin Career China chrome CISA credit card Cyber Attack Cyber security Data Breach data privacy DHS Equifax Facebook FBI Firefox FTC games GDPR Google Government hack hacker identity theft iPhone Iran IRS malware Microsoft North Korea PayPal phishing phishing email ransomware Russia scam smartphone TikTok tutorial VPN web browser WhatsApp WiFi

Government

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

Texas DOT Hit by Ransomware Attack

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • News
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2021 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version