Bleeping Computer reports that a large-scale phishing scam is underway with a J.P. Morgan Chase Fraud Alert lure. The lure frames the phish as an alert that tells the recipient their accounts will be blocked because fraudulent activity has been detected. These scams are especially convincing this time of the year as many are shopping more than usual. It is also likely that some credit card purchases may have been recently declined as shopping habits can change. With these two aspects in mind, the likelihood a victim might fall for the phish is high.
Analyst Notes
The best way to protect oneself is to carefully inspect two key indicators of incoming email: the email address in the “from” or “reply-to” fields and the domain of the landing page. All legitimate Chase email addresses should end with chase.com and nothing else. If, for some reason the email seems to be legitimate, call a local branch or the phone number at the back of a Chase debit/credit card and ask if any fraudulent activity was detected. If, for some reason checking the email does not suffice, examine the link. Doing a long press on the link if on a smartphone or right-clicking to copy the link on a desktop computer can allow you to copy the forwarding link and paste it onto a notepad or use a URL service urlscan.io that can assist in determining if the landing page is a real Chase sign-in page. As always, slowing down to examine the alert you are getting will be the most effective tool to determine because, at that point, one can take time to explore the potential phish more closely. If in doubt, do not use the link from the email, and instead log in through the bank’s normal website or app.
References:
https://www.bleepingcomputer.com/news/security/psa-active-chase-phishing-scam-pretends-to-be-fraud-alerts/
https://urlscan.io/
