Scareware gang phishes for Chase banking details

by Graham Cluley on December 6, 2008 | Comments Off

Filed Under: Spam

The organised cybercrime gang responsible for the fake anti-virus scareware campaign I blogged about yesterday, are now turning their hands to phishing.

Emails, claiming to be directed at credit card customers of the Chase bank, actually point to a domain name which was being used yesterday to spread bogus anti-virus software.

Part of the phishing email reads as follows:

Important Information Regarding Your Chase Credit Card

Dear Chase Client ,

This is your official notification that the service(s) listed below
will be deactivated and deleted if not renewed immediately.
Previous notifications have been sent to the Billing Contact assigned to
this account.
As the Primary Contact, you must renew the service(s) listed below.

SERVICE: CHASE CREDIT CARD
Expiration: December 04 , 2008

If you visit the embedded link in the email you are taken to a cloned version of the Chase login page - with any login information you enter being put straight into the hands of the gang.

cloned-chase-site.jpg

We've been saying for some time now that one of the dangers of purchasing fake anti-virus software is that you aren't just buying a bogus product sold through unethical marketing methods, but also that you're endangering your bank account by handing the criminals your credit card details. Well, here's the truth that they are prepared to use any means necessary to grab your confidential bank information.

Tags:

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.