Heads Up - Chase email Fraud Attempt

Discussion in 'other security issues & news' started by StevieO, Apr 6, 2006.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Got this just now, i know it's a fraud, and i don't have a Chase account anyway -

    From : <Chase@update454.Chase.com>
    Reply-To : <Chase@update30372.Chase.com>
    Sent : Thursday, April 6, 2006 12:59 AM
    To : <correct@hotmail.com>
    Subject : Alert From Chase Card Services number: 0333759.

    MIME-Version: 1.0
    Received: from LOST3 ([217.52.211.50]) by bay0-mc11-f2.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 6 Apr 2006 09:59:58 -0700
    Received: (qmail 7346 by uid 397); Thu, 6 Apr 2006 06:59:58 +0200
    Received: from LOST3 (217.52.211.50) by LOST3 with SMTP;
    Received: (qmail 7346 by uid 397); Thu, 6 Apr 2006 06:59:58 +0200
    Delivered-To: <incorrect@hotmail.com>
    Return-Path: incorrect@hotmail.com


    Notice the discrepencies here ? I've changed my real Addy for correct and incorrect, they where only slightly different ! -

    To : <correct@hotmail.com>

    Delivered-To: <incorrect@hotmail.com>
    Return-Path: incorrect@hotmail.com


    To get started, please click the link below:

    hxxps://Chase.com/update?account293484

    http://img339.imageshack.us/img339/6637/chase11pl.png


    StevieO
     
  2. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    I always get some from CitiBank and I don't even have an account there.
    Doesn't fool me, but I guess a lot of people do take the bait. :mad:
    Oops! Account robbed. o_O
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    This is another example of a phishing scam spoofing a web site url.

    Customers of Chase would probably recognize the faulty grammar/spelling, and the reference to "Chase Bank" instead of "Chase."

    http://www.rsjones.net/imgs/chase.gif

    The scam was reported on April 2 and is no longer working.

    http://www.millersmiles.co.uk/report/2421

    "The REAL URL of the spoof website is disguised as https://Chase.com/."

    This type of url spoofing is easily caught if the user

    1) goes directly to the bank via a bookmarked link, rather than clicking on the email link; then, check the account for information/messages

    2) has a firewall custom address list for secure sites, which would alert to a spoofed URL
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.