ACTION REQUIED: Notice for your account
Received-SPF: none (domain of ime2.jpmchase.com does not designate permitted sender hosts)
Authentication-Results: mta1000.mail.ird.yahoo.com from=; domainkeys=neutral (no sig); from=ime2.jpmchase.com;
dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO smtp01.bgsu.edu) (18.104.22.168)
by mta1000.mail.ird.yahoo.com with SMTP; Fri, 31 Aug 2012 08:41:53 -0700
Received: from smtp.bgsu.edu (admin-172-18-50-99.wireless.bgsu.edu [172.18.50.99])
by smtp01.bgsu.edu (Switch-3.2.5/Switch-3.1.6) with SMTP id q7VFd0g4028529;
Fri, 31 Aug 2012 11:39:02 -0400 (EDT)
From: "Chase Online®"<firstname.lastname@example.org>
Subject: ACTION REQUIED: Notice for your account
Date: Fri, 31 Aug 2012 11:39:23 -0400
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
|Email Security Information|
|Note: This is a service message with information related to your
Chase account(s). It may include specific details about
transactions, products or online services.
|Your personal information is protected by advanced technology. For more detailed security information, view our Online Privacy Notice. To request in writing: Chase Privacy Operations, P.O. Box 659752, San Antonio, TX 78265-9752.
JPMorgan Chase Bank, N.A. Member FDIC
©2012 JPMorgan Chase & Co.
This email was sent to: You
Please understand that this is a security procedure intended to safeguard our valued customers and thier account(s) information
Chase will never send you an e-mail with horrible grammar and typos like this.
Wow! We would have never guessed that.
An HTML file with the name 0,,2_700271--FileV_7103_01.html was attached to this e-mail. This fake Chase web page asks for A LOT of personal and sensitive information, like your user id, password, complete credit card information, social security number, tax number, your mother's maiden name, your birth date, driver's licence number, your e-mail address and the password to your e-mail account as well. Chase will never request personal information like this via e-mail.
The scammers even have a lame excuse for requesting the password to your e-mail account:
This makes not sense at all. If the bank has the password to your e-mail account on file, how will this prevent someone from using the Identification code? This is hogwash and Chase will never request the password to your e-mail account.
This scam bears a close resemblance to one of the latest ABSA phishing scams. The approach is basically the same, but this one is a bit more easier for the user to execute, so it will likely be more effective and therefore poses a higher threat.
Related Cyber Criminal Profiles:No related profiles found.
Similar Spam Examples:Banking Phishing Scam - Your Chase Credit Card Account
Chase Account Form Phishing Scam
Banking Phishing Scam - Chase Alert(SM): Notice for your Account
Chase Online Banking Phishing Scam - You Have New Mail
Malware Spam - Chase Merchant Statement