Chase Bank Customers Beware of New Phishing Campaign

Published by Reza Rafati on

Clients of the Chase Bank beware of the latest phishing campaign which is trying to gather your credentials. In this post, I will take a dive with you into the latest Chase Bank phishing campaign and I will explain how you can recognize the fraudulent website.

View of the Fake Chase page

Chase Bank phishing

The cybercriminals are trying to gather credentials by creating phishing websites that look similar to the Chase login page. The criminals do this as the stolen credentials can given them access, which in order allows them to utilize the funds. The criminals can also decide to resell the stolen credentials.

Credentials theft in action

Wrong Chase domain

The combination of keywords is something cybercriminals often use in their domains. These domains are then used to lure the chase customers into the phishing campaign.

Example of a phishing domain

It is therefore recommended that when you are about to click on a link, to always validate and verify that you are visiting the official website.

Anti-virus solutions will not help

Ok, this is a bit harsh, they do help, but you need to remain vigilant. Not every anti-virus or “security” solution will have 100% coverage. Just take a look at this list, all of the seen domains are used for credential harvesting attacks.

When we take a look at the detection, we will also notice that from the 94 anti-virus solutions, less than a dozen were able to identify the phishing attack.

Inform and stay vigilant

I hope that the information above has helped you to identify the current Chase phishing campaign. Please use the tips and share them with other people. Inform your bank every time that you receive an phishing attack, this actually helps them to create reports and initiate their processes to fight these phishing campaigns.

Advice from Chase Support

The support team from Chase is actually active on Twitter. They decided to add some additional information.

Chase Support giving advice

Some tips from them the Chase support team on Twitter:

  • Send Chase phishing attacks to phishing[@]chase.com
  • Don’t respond to any emails or links which you have identified as phishing
  • Delete the phishing attack after sending it to their official Chase email address
  • Chase will never send any communication asking someone to provide their credentials
Share this information

Reza Rafati

Founder of Cyberwarzone.com.