Scary Chase Online Phish
January 14, 2006 1 Comment
Scary Chase Online phish in my inbox today:
Naturally, we don’t want our online accounts to be hacked. However, I don’t have a bill pay account with Chase.
For fun, I thought I’d assess the quality of the phishing attempt. It’s a goodie; but not perfect. The fact that the “Service” at risk list appears as a bulleted list is expected. But but the actions / information are part of the same bulleted list, which is suspect. If you ignore that bit, the only other suspect bit on the solicitation email is the URL to which the “Login Now” button posts; only available after a “View Source”. Non-technical users may well click this link. If they do, they haven’t done themselves any harm as of yet.
I captured the URL to which the button will send you. The page you are sent to is a legitimate Chase path: “/colapmgr/auth-logon/login.htm”. The domain and port are bogus though: “http://chase-online.xyzzy.cn” (xyzzy to mask the actual domain). Clicking on it sends you to this page:
The fact the page is served over http (and not https) should clue the user. If not, the .cn domain suffix should raise a red flag. Besides those two deficiencies, EVERYTHING else you see on this page is legitimate: the images, all the links to get more information, sign up, view demos, even the user id / password retrieval link. The links and images direct you to the proper pages at the Chase.com site to support the illusion.
Watch your inbox and be careful.
Pingback: Scary Washington Mutual Online Phish « OpsanBlog