I Caught a Whale of a Phish

Posted by Ken

New here? You may want to subscribe to my RSS feed. Thanks for visiting!

Well whaddaya know? I actually got one of those phishing scams in the email the other day that I’ve been writing about. This one was supposed to look like it came from Chase Bank, and I have to say that it sounded pretty realistic. Here’s what it said:

The security of your information, transactions, and money is the core of our business and our top priority at Chase Bank.

Our policy is to protect personal or financial information which comes into our possession during the normal course of business. It has come to our attention that your account information needs
to be updated due to inactive members, frauds and spoof reports. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to update your records will result in account erasure. This notification expires on February 25, 2006.

Please follow the link below and renew your account information.

[link deleted]

Once you have updated your account records your internet banking service will not be interrupted and will continue as normal.

Online Department
Chase Bank

Sounds pretty convincing, huh? Ohmygosh! My bank account will be erased! So how do I know it wasn’t for real? Well, first of all Chase is not in the business of erasing people’s accounts. That’s stupid.

Second, the email that was used was one that belonged to a Web site that I’m webmaster for. As such, I get things forwarded to me by default. And lastly, I hovered my mouse over the link provided to see if the URL matched what was displayed on the screen. For those of you who haven’t noticed, when you roll your mouse over a link on any Web page, in the lower left hand corner you’ll see the address of the link you’re going to. It didn’t match, plus the extension, instead of the common .html or .php, was a .js which means it was javascript code, and that means it can execute something on my computer. That “something” could have been a virus or spyware.

I may have still been protected with my firewall, spyware and virus protection software running, but sometimes, when you know what to look for, your common sense is your first defense.