Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

New Phishing Technique?

From: Mace.Scott () tatravelcenters com
Date: Fri, 17 Mar 2006 14:59:39 -0500
A couple of phishing emails got through our spamassasin/clamav filter here 
at work, and through to my gmail account, damn near simultaneously.  Both 
with very different text, and different urls.  Now clamav is generally 
very capable of stopping phishing attacks, so I'm surprised these made it 
through.  More interesting, is the fact one got through Gmail as well. And 
it's very obvious a phish.  Here's the text of the email (I added 11111 to 
the end of the url to guard against accidental clicking):
 Incidentally, Lotus Notes complains of an untrusted certificate when the 
email is opened.


Dear Chase account holder,
We recently reviewed your account, and suspect that your Chase Internet 
Banking account may have been accessed by an unauthorized third party. 
Protecting the security of your account and of the Chase Bank network is 
our primary concern. Therefore, as a preventative measure, we have 
temporarily limited access to sensitive account features. 
To restore your account access, please take the following steps to ensure 
that your account has not been compromised:
1. Login to your Chase Internet Banking account. In case you are not 
enrolled for Internet Banking, you will have to use your Social Security 
Number as both your Personal ID and Password.
2. Review your recent account history for any unauthorized withdrawals or 
deposits, and check your account profile to make sure not changes have 
been made. If any unauthorized activity has taken place on your account, 
report this to Chase staff immediately.
www.chase.com/signon?SIGNON_XCP=1010
We apologize for any inconvenience this may cause, and appreciate your 
assistance in helping us maintain the integrity of the entire Chase 
system. Thank you for your prompt attention to this matter.
Sincerely,
The Chase Bank Team
Please do not reply to this e-mail. Mail sent to this address cannot be 
answered. For assistance, log in to your Chase Bank account and choose the 
"Help" link in the header of any page.
® 2006 JPMorgan Chase & Co.security manager. All rights reserved.
Becky Draftel


=========================
Scott Mace
Security Administrator
Travelcenters of America
maceDOTscottATtatravelcentersDOTcom
=========================
Previous By Date Next
Previous By Thread Next

Current thread: