Security Incidents mailing list archives
New Phishing Technique?
From: Mace.Scott () tatravelcenters com
Date: Fri, 17 Mar 2006 14:59:39 -0500
A couple of phishing emails got through our spamassasin/clamav filter here at work, and through to my gmail account, damn near simultaneously. Both with very different text, and different urls. Now clamav is generally very capable of stopping phishing attacks, so I'm surprised these made it through. More interesting, is the fact one got through Gmail as well. And it's very obvious a phish. Here's the text of the email (I added 11111 to the end of the url to guard against accidental clicking): Incidentally, Lotus Notes complains of an untrusted certificate when the email is opened. Dear Chase account holder, We recently reviewed your account, and suspect that your Chase Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your account and of the Chase Bank network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore your account access, please take the following steps to ensure that your account has not been compromised: 1. Login to your Chase Internet Banking account. In case you are not enrolled for Internet Banking, you will have to use your Social Security Number as both your Personal ID and Password. 2. Review your recent account history for any unauthorized withdrawals or deposits, and check your account profile to make sure not changes have been made. If any unauthorized activity has taken place on your account, report this to Chase staff immediately. www.chase.com/signon?SIGNON_XCP=1010 We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire Chase system. Thank you for your prompt attention to this matter. Sincerely, The Chase Bank Team Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Chase Bank account and choose the "Help" link in the header of any page. ® 2006 JPMorgan Chase & Co.security manager. All rights reserved. Becky Draftel ========================= Scott Mace Security Administrator Travelcenters of America maceDOTscottATtatravelcentersDOTcom =========================
Current thread:
- New Phishing Technique? Mace . Scott (Mar 17)
- Re: New Phishing Technique? Valdis . Kletnieks (Mar 17)