Heads Up - Chase email Fraud Attempt

Got this just now, i know it's a fraud, and i don't have a Chase account anyway -

From : <Chase@update454.Chase.com>
Reply-To : <Chase@update30372.Chase.com>
Sent : Thursday, April 6, 2006 12:59 AM
To : <correct@hotmail.com>
Subject : Alert From Chase Card Services number: 0333759.

MIME-Version: 1.0
Received: from LOST3 ([217.52.211.50]) by bay0-mc11-f2.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 6 Apr 2006 09:59:58 -0700
Received: (qmail 7346 by uid 397); Thu, 6 Apr 2006 06:59:58 +0200
Received: from LOST3 (217.52.211.50) by LOST3 with SMTP;
Received: (qmail 7346 by uid 397); Thu, 6 Apr 2006 06:59:58 +0200
Delivered-To: <incorrect@hotmail.com>
Return-Path: incorrect@hotmail.com


Notice the discrepencies here ? I've changed my real Addy for correct and incorrect, they where only slightly different ! -

To : <correct@hotmail.com>

Delivered-To: <incorrect@hotmail.com>
Return-Path: incorrect@hotmail.com


To get started, please click the link below:

hxxps://Chase.com/update?account293484

http://img339.imageshack.us/img339/6637/chase11pl.png


StevieO

 

I always get some from CitiBank and I don't even have an account there.
Doesn't fool me, but I guess a lot of people do take the bait.
Oops! Account robbed.

 

This is another example of a phishing scam spoofing a web site url.

Customers of Chase would probably recognize the faulty grammar/spelling, and the reference to "Chase Bank" instead of "Chase."

http://www.rsjones.net/imgs/chase.gif

The scam was reported on April 2 and is no longer working.

http://www.millersmiles.co.uk/report/2421

"The REAL URL of the spoof website is disguised as https://Chase.com/."

This type of url spoofing is easily caught if the user

1) goes directly to the bank via a bookmarked link, rather than clicking on the email link; then, check the account for information/messages

2) has a firewall custom address list for secure sites, which would alert to a spoofed URL