Chase card holders, beware

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

O2BBubbleFree

O2BBubbleFree

Contributor
Messages
1,656
Reaction score
4
Location
Cedar Park, TX
Hi all,

I just got a very official-looking email welcoming me to Chase Credit Card's on-line service.

First red flag - I've had a Chase account for several months.

Second red flag - if you hover over any of the links in the message the address bar shows the same address, no matter what the link is supposed to be for.

Third read flag - I went ahead and clicked on the 'Log On' button, and it went to www .cardsonline.chase.com... If I go to www .chase.com and click on their login link it goes to www .chaseonline.chase.com....

This seems to be yet another sneaky phishing attack (some idiot trying to steal log-on and password info).

As with all email, DO NOT fall for it. Never follow a link in an email to log into your accounts. Go directly to the site from outside of your email program.
 
What's also fun to try is to rearrange your URL address bar in a different spot than where the default is. If you're targeted for phishing they usually try to cover up the actual url with a fake.
 
You should notify Chase Bank of the situation. I say this as a concerned customer of that Bank. Good catch.
 
It's quite simple. Never click on a link that is sent to you via email. Period. Even if you know the sender you cannot be certain that the link is safe (a virus can send an email from your friend's computer). ESPECIALLY when the email is asking for personal information. If you need to visit a site such as your bank, open up a new browser window, enter the address yourself, and watch for the icon that tells you the site is secure (usually a padlock).
 
I received something similar supposedly from Paypal. I have reported it to them and sent them a copy of it. I often receive stuff supposedly from banks/credit card companies. Normally I don't have any relationship with the bank in question so I just delete it. Anyone I do have a relationship with - I report it.

I have also received numerous ones supposedly from Ebay.
 
It's called Phishing - I get several on a regular basis.

definition -

(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information. For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organizations site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
Click to expand...

Like other people said... always check out the link... you can right click the link, and get the address, or just click on it even, to see the address... It will say it's EBAY (or chase or Pay Pal - whatever) on the page and even look like it, but if you look at the address it will usually be an IP address only like 204.123.142.23 (just making one up)

Don't enter personal information when solicited like this...
 
SStrecker:
You should notify Chase Bank of the situation. I say this as a concerned customer of that Bank. Good catch.
Click to expand...

Thanks, Stephan. I did try to report it to Chase, but couldn't find info on their site on how to report bogus sites. I could have just emailed their customer service, I suppose, but didn't figure it would go anywhere.

Kim:
I received something similar supposedly from Paypal. I have reported it to them and sent them a copy of it. I often receive stuff supposedly from banks/credit card companies. Normally I don't have any relationship with the bank in question so I just delete it. Anyone I do have a relationship with - I report it.

I have also received numerous ones supposedly from Ebay.
Click to expand...

Kim,

My wife received a PayPal one, also, and we reported it, as well. PayPal makes it easy to report.
 
howarde:
It's called Phishing - I get several on a regular basis.
Click to expand...

Yeah, that's why I called it a phishing attack. I guess I could have spelled it out since not everyone may know what that is. Thanks for providing the definition.

howarde:
Like other people said... always check out the link... you can right click the link, and get the address, or just click on it even, to see the address... It will say it's EBAY (or chase or Pay Pal - whatever) on the page and even look like it, but if you look at the address it will usually be an IP address only like 204.123.142.23 (just making one up)
Click to expand...

This one actually displayed a ligit-looking address. Funny thing was that the displayed address was the same for the 'login' button as it was for the 'click here if you want to be removed from our mailing list' link, and for the 'if this was sent to you by mistake...' link. All led to the same fake login page.

howarde:
Don't enter personal information when solicited like this...
Click to expand...

Like I said...
 
3dent:
Thanks, Stephan. I did try to report it to Chase, but couldn't find info on their site on how to report bogus sites. I could have just emailed their customer service, I suppose, but didn't figure it would go anywhere.
Click to expand...
I would just send them an email. They'll need a copy of what you got. I wrote down the IP addresses behind all the links on the page (hovering your mouse over them should display the actual address at the bottom if you use IE) and included them. I also included the internet headers - you can find them (if you are using Outlook Express) by right clicking on the message and going to Properties/Details.

I would be willing to bet that they take it very seriously.
 
You must log in or register to reply here.

Similar threads

DeputyDan
IRS information to know
Replies
0
Views
393
DeputyDan
DeputyDan
S
Paypal and your online bank account
2
Replies
13
Views
1,044
Paladin
Paladin
Magrone
Trip Report: Cities of Fish: Raja Ampat March 6-17 2011
2
Replies
11
Views
3,318
Shasta_man
S
reefduffer
Trip Report: Bonaire 10/19-28 2010
Replies
5
Views
1,488
DonnaC
DonnaC
cobra269
Long Review - Dive With Martin & Dive Log
2
Replies
19
Views
1,829
Dirty-Dog
Dirty-Dog

Back
Top Bottom