Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
adv ex on 5 january 2024
adv ex on 22 February 2024
adv ex on 22 February 2024
banner Expire 26 April 2024
Rescator cvv and dump shop
banner expire at 13 May

Yale lodge shop
UniCvv
banner Expire 1 April  2021

THREAT ACTORS IMPERSONATE CHASE BANK

ALBERT

TRUSTED VENDOR
Staff member
Joined
Dec 3, 2020
Messages
1,214
Threat researchers at Armorblox have come across two new phishing scams targeting customers of JPMorgan Chase Bank.

Both attacks deployed social engineering and brand impersonation tactics in an attempt to steal customers' login credentials.

While one scam involved an email that appeared to contain a credit card statement, the other impersonated a locked account workflow to falsely inform victims that access to their account had been blocked following the detection of unusual login activity.

Amorblox researchers said that the first scam "skipped spam filtering because Microsoft determined that the email was from a safe sender, to a safe recipient, or was from an email source server on the IP Allow list."

The fraudulent email, titled "Your Credit Card Statement Is Ready," appeared to have been sent by "Jp Morgan Chase." Its content was fashioned to resemble genuine communications from the American national bank.

"The email contained HTML stylings similar to genuine emails sent from Chase, and included links for the victim to see their statement and make payments," said the researchers.

Victims who clicked the links would be taken to a web page resembling the Chase login portal and asked to enter their banking account credentials.

"Attackers often bank on victims not paying enough attention to inconsistencies like the URL not being from the Chase domain for example," said researchers.

"They assume that because we have busy lives and over-flowing inboxes, we will click before we think."

Researchers found that the malicious website had been registered with budget Arizonian IT service management company NameSilo, which provides hosting, email, and SSL solutions.

"Services like this are beneficial for millions of people around the world, but unfortunately also lower the bar for cybercriminals looking to launch successful phishing attacks," noted researchers.

In the second attack, cyber-criminals impersonated the Chase Fraud Department with an email titled "URGENT: Unusual sign-in activity" that looked like it had been sent by "Chase Bank Customer Care." Inside the email was a malicious account-verification link that victims were told to follow to restore access to their account.
Researchers shared a useful tip for spotting a phishing attack. They said the locked account impersonation attack had different "reply-to" and "from" addresses, "which is a common adversarial technique employed in email attacks."
 
Top Bottom