In one of the most legitimate looking phishing ploys in recent times, phishers are out to steal account information from unsuspecting customers of Chase Manhattan Bank. More interestingly, this fraudulent scheme cons you while giving a lesson or two in online account security!
Security experts at MicroWorld Technologies inform that this spoof mail starts off with some good sermons on measures taken by Chase Bank to safeguard customer´s personal financial information. It claims that anti-fraud units regularly scan user accounts for suspicious activity. Then it drops the bomb shell. The mail informs that multiple attempts to break into user´s account have been detected and subsequently the account is suspended temporarily. To re-validate the account, users are told to click on a link.
On clicking the link, user is taken to a website that´s strikingly similar to that of Chase bank. It tells the user to enter usernames, passwords and other details into the online form and the information keyed in goes straight to the hands of the phisher. Even the spoof website address looks very similar to the actual URL of Chase bank.
“This one is like a thief coming in the guise a cop,” says Govind Rammurthy, CEO, MicroWorld Technologies. “I must say, they have done a very convincing job in their bid to look authentic, though psychologically the ploy is the same. It´s about hijacking your senses with some clever words to get you fall in line. The thing about social engineering is that your means could be anything, but what matters is the end. And definitely at the end, the victim is the loser!”
Many Phishing scams in the past have been exposed by MicroWorld Technologies in their continuous battle to secure the Internet. Some methods used in phishing schemes are like luring by money and other incentives, offers to take part in contests and more recently shock and scare. Studies by ´Anti-Phishing Working Group´ reveal that phishing attacks reached an all-time high in the month of March with more than 18,000 new unique phishing attempts along with an addition of 10,000 phishing websites.