« 419er Gets 376 | Main | Stifling Curiosity »

February 15, 2006

A very convincing Chase Bank phishing message and associated Web site will certainly trick lots of customers.

The come-on is a "$20 Chase Gift Certificate" for filling out a survey form. The URL of the phony Web site has the words "chase" and "survey" as components, and the message proudly displays this URL because it is, I guess, believable. The Web site page is very well done, and asks for your account username and password, as well as a Chase card number, PIN, and expiration date. Although the page is not served up as a secure page, I don't believe a lot of victims will notice the lack of the lock.

Spam Wars readers would know, however, how to check a few things before getting into trouble. First, the header of the phishing email message (at least the one I received) shows it to have been sent from an @home account in the Netherlands. Second, a lookup of the "chase" domain shows it to be registered to someone in France (certainly bogus data), and created only yesterday (14Feb2006).

The craftsmanship of this one is deadly for the unwary.

UPDATE: Received another copy sourced from blueyonder.co.uk, which indicates that these phishing messages—like most of them—are being relayed through Trojaned PCs. I also found the Spanish hosting service for the Web site (it wasn't clear earlier) and made my direct report.