Heads Up - Chase email Fraud Attempt

Discussion in 'other security issues & news' started by StevieO, Apr 6, 2006.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Got this just now, I know it's a fraud, and I don't have a Chase account anyway -

    From : <Chase@update454.Chase.com>
    Reply-To : <Chase@update30372.Chase.com>
    Sent : Thursday, April 6, 2006 12:59 AM
    To : <correct@hotmail.com>
    Subject : Alert From Chase Card Services number: 0333759.

    MIME-Version: 1.0
    Received: from LOST3 ([217.52.211.50]) by bay0-mc11-f2.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 6 Apr 2006 09:59:58 -0700
    Received: (qmail 7346 by uid 397); Thu, 6 Apr 2006 06:59:58 +0200
    Received: from LOST3 (217.52.211.50) by LOST3 with SMTP;
    Received: (qmail 7346 by uid 397); Thu, 6 Apr 2006 06:59:58 +0200
    Delivered-To: <incorrect@hotmail.com>
    Return-Path: incorrect@hotmail.com


    Notice the discrepancies here? I've changed my real Addy for correct and incorrect, they were only slightly different! -

    To : <correct@hotmail.com>

    Delivered-To: <incorrect@hotmail.com>
    Return-Path: incorrect@hotmail.com


    To get started, please click the link below:

    hxxps://Chase.com/update?account293484

    http://img339.imageshack.us/img339/6637/chase11pl.png


    StevieO
     
  2. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    I always get some from CitiBank and I don't even have an account there.
    Doesn't fool me, but I guess a lot of people do take the bait. :mad:
    Oops! Account robbed. o_O
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This is another example of a phishing scam spoofing a web site URL.

    Customers of Chase would probably recognize the faulty grammar/spelling, and the reference to "Chase Bank" instead of "Chase."

    http://www.rsjones.net/imgs/chase.gif

    The scam was reported on April 2 and is no longer working.

    http://www.millersmiles.co.uk/report/2421

    "The REAL URL of the spoof website is disguised as https://Chase.com/."

    This type of URL spoofing is easily caught if the user

    1) goes directly to the bank via a bookmarked link, rather than clicking on the email link, then checks the account for information/messages

    2) has a firewall custom address list for secure sites, which would alert to a spoofed URL
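
The header discrepancies pointed out in the first post can be checked mechanically. The following is an added example, not part of the original thread: the function and finding names are made up for illustration, and the sample input is the header block quoted in that post with the poster's placeholder addresses.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header block quoted in the first post; addresses are the poster's placeholders.
RAW = """\
From: <Chase@update454.Chase.com>
Reply-To: <Chase@update30372.Chase.com>
To: <correct@hotmail.com>
Subject: Alert From Chase Card Services number: 0333759.
Received: from LOST3 ([217.52.211.50]) by bay0-mc11-f2.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 6 Apr 2006 09:59:58 -0700
Received: (qmail 7346 by uid 397); Thu, 6 Apr 2006 06:59:58 +0200
Delivered-To: <incorrect@hotmail.com>
Return-Path: incorrect@hotmail.com

"""

def addr(msg, name):
    """Bare lower-cased address from a header, or '' if the header is absent."""
    return parseaddr(msg.get(name, ""))[1].lower()

def domain(address):
    return address.rpartition("@")[2]

def header_findings(raw):
    """Return triage signals; each is a reason to look closer, not a verdict."""
    msg = message_from_string(raw)
    frm, reply, to = addr(msg, "From"), addr(msg, "Reply-To"), addr(msg, "To")
    delivered, rpath = addr(msg, "Delivered-To"), addr(msg, "Return-Path")
    found = []
    if reply and domain(reply) != domain(frm):
        found.append("reply-to-domain-differs-from-from")
    if delivered and to and delivered != to:
        found.append("to-differs-from-delivered-to")
    if rpath and rpath == delivered:
        found.append("return-path-is-the-recipient")
    # The topmost Received line is the one written by the receiving provider.
    top = (msg.get_all("Received") or [""])[0]
    hop = re.search(r"from\s+(\S+)\s+\(\[?([\d.]+)", top)
    if hop and "." not in hop.group(1):
        found.append(f"helo-not-fqdn:{hop.group(1)}@{hop.group(2)}")
    return found

if __name__ == "__main__":
    for finding in header_findings(RAW):
        print(finding)
```

Only the topmost Received line is trustworthy, since lines below it are supplied by the sending side and can be forged.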
     