Scary Chase Online Phish

January 14, 2006 1 Comment

Scary Chase Online phish in my inbox today:

chasePhishEMail

Naturally, we don’t want our online accounts to be hacked. However, I don’t have a bill pay account with Chase.

For fun, I thought I’d assess the quality of the phishing attempt. It’s a goodie; but not perfect. The fact that the “Service” at risk list appears as a bulleted list is expected. But but the actions / information are part of the same bulleted list, which is suspect. If you ignore that bit, the only other suspect bit on the solicitation email is the URL to which the “Login Now” button posts; only available after a “View Source”. Non-technical users may well click this link. If they do, they haven’t done themselves any harm as of yet.

I captured the URL to which the button will send you. The page you are sent to is a legitimate Chase path: “/colapmgr/auth-logon/login.htm”. The domain and port are bogus though: “http://chase-online.xyzzy.cn” (xyzzy to mask the actual domain). Clicking on it sends you to this page:

chasePhishLogonForm

The fact the page is served over http (and not https) should clue the user. If not, the .cn domain suffix should raise a red flag. Besides those two deficiencies, EVERYTHING else you see on this page is legitimate: the images, all the links to get more information, sign up, view demos, even the user id / password retrieval link. The links and images direct you to the proper pages at the Chase.com site to support the illusion.

Watch your inbox and be careful.

Advertisements

Filed under Reference Posts

About Michael Coates
I am a pragmatic evangelist. The products, services and solutions I write about fulfill real-world expectations and use cases. I stay up-to-date on real products I use and review, and share my thoughts here. I apply the same lens when designing an architecture, product or when writing papers. I am always looking for ways that technology can create or enhance a business opportunity .. not just technology for technology's sake. My CV says: Seasoned technology executive, leveraging years of experience with enterprise and integration architectural patterns, executed with healthy doses of business acumen and pragmatism. That's me. My web site says: Technology innovations provide a myriad of opportunities for businesses. That said, having the "latest and greatest" for its own sake isn't always a recipe for success. Business successes gained through exploiting innovation relies on analysis of how the new features will enhance your business followed by effective implementation. Goals vary far and wide: streamlining operations, improving customer experience, extending brand, and many more. In all cases, you must identify and collect the metrics you can apply to measure your success. Analysis must be holistic and balanced: business and operational needs must be considered when capitalizing on a new technology asset or opportunity.

One Response to Scary Chase Online Phish

  1. Pingback: Scary Washington Mutual Online Phish « OpsanBlog

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: