Phishing Email

What’s wrong with this sender’s address?

I usually get phishing emails from Bank of America, but today I got an alert from Chase that almost had me fooled.  Following my own advice from a previous article, How to Avoid Phishing Scams , I logged onto Chase on-line by typing in the URL address instead of clicking on the embedded email link.  If the alert was authentic, it would appear in my alert history.  There were no alerts to be found so I paid closer attention and immediately saw a big clue.  How long did it take your eye to recognize the spelling error of “verificatrion” instead of “verification?”

What does a phishing email look like?

Phishing is an attempt to steal money or identity by acquiring personal information such as user names, passwords, bank account or credit card details while posing as a trustworthy entity in an electronic communication such as an email or pop-up message.

Today’s email was a classic phishing email with an incorrectly spelled word in the sender’s name as well as spelling and grammatical mistakes in the body.  That said, I was rushing through my emails and would not have noticed the errors if I hadn’t stopped to think of basic on-line safety rules. Additionally, I was cautious because I found this email in my SPAM box.  (Occasionally, I find legitimate emails there  so I needed to look closer to be sure)  See the email below and notice the errors I circled in orange.

Chase Phishing email

Phishing emails usually have a sense of urgency!

Watch out for Pop-Up Messages

Chase Virus Warning

Pop Up – Virus Chase Alert

Before I signed into my Chase on-line account to verify the alert message today, I noticed a Personal Computer Virus Alert on the site.  Pop-ups can be more dangerous than clicking on links in emails and they can easily compromise confidential financial information.  You may mistakenly think it’s okay to fill out the pop-up because you were already careful and logged onto a site by typing in the URL.   Even worse, instead of acting immediately, the virus can hide on your computer until you visit a website it was intended to target.  Then it pops up and assumes you may have your guard down when it asks for private information.

Click on this “Find out more” link to get helpful tips from Chase and to see additional Chase phishing examples.

A Reminder of Some Important Do’s and Don’ts

  • Do Not click on links in emails or pop-up messages that ask for personal information or that take you to your financial institutions log-in page or to a page where you need to enter financial information, user names or passwords.
  • Do not cut and paste any links from the message into your Internet browser.  Links may look like they go to one place, but you can end up at a different site.
  • Do type in the URL or web address yourself or set up your own links to take you to your regular sites.  I set up all of my links by using AOL Favorites or Bookmarks on Google Chrome.
  • Do use a firewall and anti-virus and anti-spyware software and update them all regularly.
  • Do look for indicators that the site is secure before inputting any personal or financial information.  For example, look for a SSL Certificate, a lock icon on the browser’s status bar and a website URL that begins “https:” (the “s” stands for “secure”) instead of  ”http.”

    Https Secure Browsing

    Sony.com Checkout – Notice the Lock and the Https in the URL

For a refresher on how to avoid falling victim to Phishing Scams, please review the tips by clicking on this How to Avoid Phishing Scams link.

What to do if you accidentally compromise your financial information

Hopefully you will not fall prey to a Phishing email or pop-up virus.  But if you do:

  • Contact the financial institution immediately and tell them what happened
  • Do not go to any other sites that require financial information until you are certain you are virus-free.  These include banking sites, credit card sites, shopping sites or any site where you need to input financial information.
  • File a complaint at http://ftc.gov/ftc/contact.shtm
  • Visit the Federal Trade Commission’s Identity Theft website at www.consumer.gov/idtheft
  • Go to www.annualcreditreport.com to order a free annual credit report from any of the three major credit bureaus.  You may catch an incident early as new accounts opened by identity thieves are likely to show up on your credit report.

7 Responses to Chase Phishing Scam Close Call

  1. Lynne says:

    Great info, Hayley! I just fell victim to being hacked through Twitter and felt like an idiot for falling for the link I clicked on. Interesting that it sent similar yet slightly different messages to my followers. They are very sneaky!

    • Hayley Kaplan says:

      Hackers find a way into everything, don’t they? And like you, I’ve accidentally clicked on a link I shouldn’t have while multi-tasking. I got a virus instantly and had to reinstall my entire system to use my computer again.

  2. Faye says:

    I love the step by step instructions in how to recognize potential phishing emails. very well done! Thanks a lot.

  3. Cbase says:

    I don’t use online banking, but when I got the suspicious email from Chase a few months ago, I forwarded it to my banker at Chase. They confirmed it was a scam and said they like it when customers bring this to their attention.

  4. Stephanie Scott says:

    Hayley,
    I always learn so much from your articles! Thank you for researching and compiling important information which is easy to understand.
    Great article and blog!

    • Sharyn Ross says:

      I have a question: If you click on a site that asks for your personal information but you don’t give it-is there still a problem? Always learn so much from your blog! Thanks!

      • Hayley Kaplan says:

        It depends upon the site and it depends on the type of personal information you are talking about. For example, in order to download a free e-book from a site I use a lot, they ask for name, phone number, business name, website, email etc. I can enter false information and still get the e-book. No problem there.

        If you have a virus on your computer, it could reside on your computer and go into action at a later time when you are vulnerable such as when you are entering passwords, credit card information or doing on-line banking. You can pick up a virus by clicking on a malicious link, downloading an infected attachment etc. and you can also pick one up just from visiting a malicious site. (So in answer to your question, yes, you can get into trouble without entering personal information) Updated and good anti-virus software warns you about such sites and also blocks pop-ups with possible viruses in them.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

CommentLuv badge

Share →