I recently received this following e-mail.
We’re writing to let you know that a recent unusual activity was made on your chase account.
To see a detailed notice about this situation, please log on to Chase to sign in with your correct credential(s) and go to the Account Activity page or the Account Notices page for your account.
If you aren’t enrolled to the new two-way verification process or you think you’ve received this message in error, please call our Customer Support team. To find the appropriate phone number for your account type, go to the Customer Center on Chase Online click the “Contact us” link.
Please don’t reply directly to this automatically-generated e-mail message.
Online Banking Team
At first it looks serious but then, I don’t even have an account with Chase. How can there be any suspicious activity?
Then I took a look at the link in the e-mail. Curiously enough, the sender used a URL shortener service to disguise the target address. In a mood to be humored, I clicked the link anyway, and that’s when things got interesting.
I arrived at what looks like the official web site for Chase Bank. By all accounts it looks real.
But the site’s address in the address bar told me a different story. There was some long address that’s completely uncharacteristic of a real banking site.
In a mood to be humored further, I clicked the link for resetting my password just to see what came up and it was then I realized I had wandered into the trap. I later noticed that this same page comes up when you click on “Enroll Now”.
Look at this.
In order to proceed you have to enter your social security number, date of birth, your mother’s maiden name, your driver’s license number and even your credit card information, including its expiration date, CVV and PIN. On top of that there is no secure connection for transmitting this sensitive information. Had I submitted this information, I too would have fallen victim to this phishing scam. Who knows what horrors would have unfolded next.