Phishing attacks target Chase Bank customers

by stacy

Have you ever received an email purporting to be from your bank informing you that there was a problem with your bank account? Although we are all aware of the dangers of harmful communications and frauds, we may hesitate for a second, anxious that this warning might be legitimate and so worth investigating. And it is at this point that criminals think you will fall into their trap.

Several recent phishing efforts targeting Chase Bank clients were examined in a new report released on Tuesday by email security service Armorblox, which also included recommendations on how to defend oneself from such scams.

The first campaign claimed to include a credit card statement, while the second told recipients that their account access had been blocked due to odd behavior. Both had a single purpose: to obtain your account credentials.

Spoofed Chase credit card statement

In this attack, the spoofed email had the subject “Your Credit Card Statement Is Ready” and showed the sender name “Jp Morgan Chase” in the body of the message. The message itself had a style and layout similar to those of authentic Chase emails, and it featured links to view your statement and to make payments online with Chase. Clicking the primary link in the email sent you to a spoofed Chase login page, where you were prompted to enter your bank account details, which the fraudsters automatically captured.

The domain name used for the landing page was hosted by NameSilo, which is a genuine hosting firm, but one where hackers can easily and inexpensively set up shop to start harmful activities. Because they were assigned a Spam Confidence Level of -1, the emails passed through spam filtering from both Microsoft Exchange Online Protection and Microsoft Defender for Office 365. A safe sender, a safe recipient, and an email server on the IP Allow list are all considered when assigning this level to an email.

Spoofed Chase locked account workflow

In this campaign, the attackers pretended to be from the Chase fraud department and informed recipients that their account access had been blocked owing to suspicious login behavior. The emails, which had the subject line “URGENT: Unusual sign-in behavior,” were sent from the sender name “Chase Bank Customer Care,” according to the FBI. The message itself featured a link that potential victims could use to validate their accounts and regain access to their previous settings. Naturally, clicking the link directs the user to a landing page where they are prompted to provide their login information.

This email also received a Spam Confidence Level of -1 from both Microsoft Exchange Online Protection and Microsoft Defender for Office 365, allowing it to bypass both systems and reach users’ inboxes without being detected.

In these types of campaigns, fraudsters use a range of methods and tactics to deceive naïve victims into believing the messages are legitimate.

Because smart cybercriminals know how to push the right buttons, social engineering is essential to launching a successful attack. The subject lines, sender names, and content of the emails convey a sense of trust and urgency, urging recipients to take immediate action. Brand impersonation is another important factor. These types of emails use the same branding, design, and layout that can be seen on authentic Chase messages and webpages, such as Chase.com.

How to protect yourself from falling victim to one of these scams

Following are a few suggestions from Armorblox on how to protect yourself and your organization from these types of phishing attempts.

Augment native email security with additional controls. It appears that both emails managed to get past Microsoft’s security measures, indicating that an additional layer of protection is required. Organizations should supplement their native email security with additional layers that take a different approach to threat detection than the one used by the email client. Gartner’s Market Guide for Email Security contains new security methods that will be introduced in 2020, according to the company.
Look for cues that indicate social engineering. Given the large number of communications we receive from service providers, we tend to act without thoroughly examining the message first. The idea is to scan these emails more systematically and thoroughly. Examine the sender’s name, the sender’s email address, and the language used in the email itself before proceeding. Look for any discrepancies that raise questions such as “Why is my bank sending emails to my work account?” and “Why is the URL’s parent domain different from chase.com?”
Follow best practices for passwords and multi-factor authentication. If you haven’t already, consider the following practices: 1) Where possible, use multi-factor authentication on all business and personal accounts; 2) Avoid using the same password across multiple sites or accounts; 3) Use a password manager to keep track of your passwords; 4) Avoid using passwords that are associated with your date of birth, anniversary date, or other publicly available information; and 5) Avoid using generic passwords such as “password,” “qwerty,” or “12345.”
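
The sender-name and parent-domain checks suggested above, combined with the Spam Confidence Level of -1 noted for both campaigns, can be scripted to triage a reported message. The Python below is an added example, not code from Armorblox or the original article; the sample message, its addresses and hosts, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND_WORDS = ("chase",)    # brand term used by the campaigns described above
BRAND_DOMAIN = "chase.com"  # parent domain the article tells readers to expect

# Constructed sample message; the sender address and link hosts are placeholders.
SAMPLE = """\
From: "Chase Bank Customer Care" <support@mailer.example.net>
To: employee@corp.example
Subject: URGENT: Unusual sign-in behavior
X-MS-Exchange-Organization-SCL: -1
Content-Type: text/plain

Your account access has been blocked. Verify your account:
https://chase.com.verify-login.example/signin
Help center: https://secure.chase.com/help
"""

def under_brand(host):
    """True only for chase.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def triage(raw):
    """Return a list of findings for one single-part, plain-text message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    shown = (name + " " + msg.get("Subject", "")).lower()
    claims_brand = any(word in shown for word in BRAND_WORDS)
    # "Why is the sender's address not at the bank's domain?"
    if claims_brand and not under_brand(sender_host):
        findings.append(f"sender name claims brand, address is at {sender_host}")
    # "Why is the URL's parent domain different from chase.com?"
    for url in re.findall(r"https?://[^\s<>]+", msg.get_payload()):
        host = urlparse(url).hostname
        if claims_brand and not under_brand(host):
            findings.append(f"link parent domain is not {BRAND_DOMAIN}: {host}")
    # SCL -1 means spam filtering was skipped, so nothing upstream scored it.
    scl = msg.get("X-MS-Exchange-Organization-SCL", "").strip()
    if scl == "-1" and findings:
        findings.append("SCL -1: message skipped spam filtering")
    return findings
```

The suffix comparison in `under_brand` is what catches a look-alike host that merely begins with `chase.com.`, which a substring match would accept.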
