Phishing campaign targets Chase customers
A new phishing campaign targeting Chase bank customers started today. This one is not a nice one either; the email contains an attachment that installs malware on the victim’s PC. The volume of email stopped by our email filters suggests that this a residual effect of an earlier data breach where hackers obtained a subset of customer details. The details were (according to Chase) contact information including email addresses.
Figure A shows the email. It is very realistic, and includes several links back to Chase bank. A Chase bank logo is used and is located in the top left of the email. The subject line of the email is “Thank you for scheduling your online payment”. We noticed two versions of the email, differing in the sender. One version has the sender as “user” whilst the second version has “Chase Card Services”. The email contains two attachments. One is called “payment.zip” or similar, whilst the second is called “payment.exe”. The greeting used in the email is simply “Dear”.
The email informs the recipient that a payment amount of 3898.96 will be credited to their credit card account, and lists the last four digits of a credit card. We have observed that the amount specified in the emails does not vary. Conversely, the credit card digits do vary from email to email. The email goes on to provide various ways that the recipient can manage their account online, and does provide links to the legitimate Chase site.
This phishing email is very sophisticated. The use of genuine links in a phishing email gives it a very authentic feel. However, it is a fake. The attachments are what our email filter spotted and blocked, but the other sign is the lack of a personal greeting, combined with the two attachments. Neither of these are actions bank use. We strongly recommend never opening an attachment from an unverified source.
This particular email has been forwarded to Chase bank security.