We reported on Verizon scam emails back in March, another email phishing scam has started circulating over this past weekend and it's one from Chase Financial.
We haven't found any articles on this particular email phishing scam, but it's a pretty good looking fake email. The email reads in part,
"Our records indicate that you recently added or made a change to one of your email address. This notification is to confirm that you initiated this change."
Most would say, "hmm that's odd I don't recall changing that, let's login and see what's up..." and that is exactly what these scammers want you to do. I received two of these emails in less than 24 hours, originating from two different sent addresses. I should also point out that I am not a Chase customer, so my scam alert popped up right away.
Digging around the email, I found that it linked to a website that looked nearly identical to the real Chase site; but like the Verizon scam, the website's address was way-off from the real thing (see photo).
As I wrote in the Verizon scam email, things to look for in suspicious website/emails is this:
"scammers using sub-domains and setting up fake looking websites. An example would be, www.REALWEBSITE.com.SCAMSITE.com/WHATEVER -notice the second .com? That would be the real .com."
The domain that the phishing email directed to is one out of Toronto according to NetworkSolution's Whois search -this is of course not to say that the site owner is the scammer, his site could have been hacked and is being used by the real scammers.
Stay safe out there on the World Wide Web people.
What is phishing?
Phishing (pronounced fishing) is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whoselook and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.