A data breach such as the one suffered recently by JPMorgan Chase represents a perfect opportunity for cybercriminals. Shortly after news of the incident surfaced, cybercriminals started sending out phishing emails in an effort to trick users into handing over their personal details.
The emails, spotted by Sophos, carry the subject line “Chase Paymentech ALERT !!!” and they read something like this:
“During one of our regular verification procedures we’ve encountered a problem caused by the recent database breach. Please, take a time to complete the following information on your profile to end our identity verification process. Otherwise your access to Chase Paymentech services will be stopped. To verify information now, please follow the link.”
The link doesn’t point to a Chase website, but to a fake page where victims are instructed to hand over their information.
The bogus site is similar to the legitimate one, but it doesn’t use HTTPS. If you come across such emails, ignore them. If you’re a victim of this phishing attack, alert Chase immediately.