Cybercriminals Leverage Recent Chase Data Breach for Phishing Scam

Real / fake Chase Paymentech websites

A data breach such as the one suffered recently by JPMorgan Chase represents a perfect opportunity for cybercriminals. Shortly after news of the incident surfaced, cybercriminals started sending out phishing emails in an effort to trick users into handing over their personal details.

The emails, spotted by Sophos, carry the subject line “Chase Paymentech ALERT !!!” and they read something like this:

“During one of our regular verification procedures we’ve encountered a problem caused by the recent database breach. Please, take a time to complete the following information on your profile to end our identity verification process. Otherwise your access to Chase Paymentech services will be stopped. To verify information now, please follow the link.”

The link doesn’t point to a Chase website, but to a fake page where victims are instructed to hand over their information.

The bogus site is similar to the legitimate one, but it doesn’t use HTTPS. If you come across such emails, ignore them. If you’re a victim of this phishing attack, alert Chase immediately.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s