3 New Phishing Scams: Clever Chase Bank Customer Survey Phishing Scam

Phishing scams from Chase Bank, a phone number rather than a website address, and Citibank: Internet ScamBusters #188



Internet ScamBusters™
The #1 Publication on Internet Fraud

By Audri and Jim Lanford
Copyright © Audri and Jim Lanford
All rights reserved.
Issue #188



Hi,

Today we have a very important issue for you. We're going to tell you what's new in phishing scams, and show you how to protect yourself from these three new phishing scams:

- NEW: Clever Chase Bank Customer Survey Phishing Scam

- NEW: Phishing Scams Now Use Phones Instead of Fake Websites

- NEW: Very Clever Citibank Phishing Scam

First though, why don't you now check out some of the most popular recent articles from our other websites (the first one is a real eye-opener):

Has YOUR Social Security Number Been Stolen for Employment Fraud?

Get a Better Deal from Your Credit Card Company

Use Your Cell Phone at Home and Save Cash

Never Pay Full Price to Stay at a Hotel

Let's get going with today's new phishing scams...


NEW: Clever Chase Bank Customer Survey Phishing Scam


This Chase phishing scam came close to fooling a very good friend of ours. It's quite clever.

By the way, if you don't know what phishing scams are, please visit this page.

Anyway, here's how this new Chase phishing scam works:

The subject of the spam is:

      Customer Survey - Get $50 Reward

The spam email starts with:

The Chase Online department kindly asks you to take part in our quick and easy 5 question survey. In return we will credit $50.00 to your account - Just for your time!

It goes on to describe how it only takes two minutes, your answers will help them yada yada, etc. It's well done and looks authentic.

Of course, the spam doesn't really take you to the Chase Bank website. Instead, it takes you to a scammer's site in China.

The webpage itself and the initial questions they ask look quite authentic.

The catch, of course, is that they say that in order to credit your $50 reward, they want your Chase User ID and password, as well as your Chase credit card number, expiration date, three digit security number, Social Security number, ATM PIN Number, zip code, mother's maiden name and email.

Our friend figured out it was a scam when he saw the last batch of info requested. ;-)

However, the ploy of using a $50 reward for a customer service survey can be an effective phishing lure.

What to do: Never click on links from spam emails. Absolutely never enter your private information into a website from an email with a link -- whether it's to check your account info, resolve a fraudulent order, respond to a customer service survey, etc.


NEW: Phishing Scams Now Use Phones Instead of Fake Websites


In a new twist, identity thieves are sending spam that warns victims that their bank account or PayPal accounts were supposedly compromised.

Nothing new so far.

However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

The automated voice message says: "Welcome to account verification. Please type your 16-digit card number."

The goal is to get the victim to enter their credit card number. In these reported scams, no mention of the bank or PayPal is made.

You can see a sample scam email message (and hear an example of one of these scam voice messages by clicking on the Recording Link at the Websense Security Lab site) here:

http://www.websense.com/securitylabs/alerts/alert.php?AlertID=534


What to do: Never call a number you receive from a spam email, and certainly don't enter in any private information if you make a mistake and do call. If you want to call your bank, use the normal phone number you regularly use, not the phone number you get in an email.

You can read more about this scam here:

http://www.eweek.com/article2/0,1895,1985966,00.asp


NEW: Very Clever Citibank Phishing Scam


Another interesting phishing scam, this time supposedly from Citibank's Citibusiness service, warns that someone tried to log into your account and you must now "confirm" your account info.

Again, that's hardly new. The phishing spam takes you to a very convincing replica of the Citibusiness login page, including a long web address that looks like it ends with Citibank.com, but in fact goes to a website in Russia.

The login page asks for your user name, password, and a token-generated key that Citibusiness customers are used to. The phishing site passes the info to the real Citibusiness site, so if you intentionally put in bogus info, you'll get the real error messages from Citibusiness. It's very cleverly done.

What to do: Again, don't click on links in spam emails to "confirm" your account info. If you have a question, use your browser and directly type in the web address of your bank, etc.

For more info on this Citibank phishing scam, click here.

That's it for now -- time to close for today. Wishing you a wonderful week.

Scambusters contact
Copyright Audri and Jim Lanford. All Rights Reserved
Privacy Policy | Terms of Service | Subscribe

  rss feed