JP Morgan Chase Bank phishing

Discussion in 'Phishing' started by Jessica, Jan 2, 2008.

  1. Jessica

    Jessica Administrator Staff Member

    From Chase Notification
    Return-Path: <smchasenotification@chaseonline.chase.com>
    Received: from 194.153.226.159, Romania, Constanta, S.C. Dranmina S.R.L
    From: "Chase Notification" <SMChaseNotification@chaseonline.chase.com>
    Subject: New Message from Chase Online(SM)


    Dear Chase OnlineSM Customer:

    A message regarding "Payment Reminder" has been sent to your Secure Message Center.

    To see your message:

    * Log on to Chase Online. Once you log on, you can see your new message in the Secure Message Center.
    * If you are already logged on to Chase Online, you may see your message(s) by simply visiting the Secure Message Center.


    The message will be available in your Secure Message Center.

    Please do not reply to this message. In order to keep your account information private and secure, we ask that you log on to Chase Online and visit the Secure Message Center if you wish to send an additional question or require further assistance.

    Thank you for being a valued Chase customer.
     
  2. Quark

    Quark Moderator Staff Member

    From Chase Online
    Return-Path: <accounts@chase.online.com>
    Received: from 211.0.147.226, Japan, FBIT Communications Corp, fiberbit.net
    Reply-to: <accounts@chase.online.com>
    From: "Chase Online" <accounts@chase.online.com>
    Subject: Chase Online - Possible Fraud Allert In Your Online Banking Account
    Date: Thu, 7 Feb 2008


    As part of our security measures,we are constantly working to ensure security by regularly screening the accounts in our system.

    We recently noticed one or more attempts to log in to your account from a foreign IP address. We would like to ensure that your account was not accessed by an unauthorized third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

    Click on the link below to update your account, follow the instructions, and the temporary limitation of your account will be removed automatically.

    > https www chase com chaseonline update_logon.html

    Notice to our customers: Chase cares about your security. The Chase Online services mentioned above can be accessed through our site directly. The links here are included for your convenience. If you are suspicious of an email, please feel free to use the Url that appears on the back of your credit card, or type chase.com/creditcards directly into your browser.

    ABOUT THIS MESSAGE

    This service message was delivered to you as a Chase credit card customer. If you wish to unsubscribe from e-mail messages from Chase Card Services, please click here. Please allow up to ten business days for us to process your request.

    Please do not reply to this message. Replies to this message will not be responded to. To contact Chase go to chase.com/creditcards.

    ©2006 JPMorgan Chase & Co.
     
  3. dragonfire

    dragonfire Member

    Chase Bank Online

    You have received this email because you or someone had used your account from different locations.
    For security purpose, we are required to open an investigation into this matter.

    In order to safeguard your account, we require that you confirm your banking details.
    To help speed up this process, please access the following link so we can complete the verification of your Chase Online® Banking Account registration information :


    Return-Path: <wealthse@terminator.websitewelcome.com>
    Received: from [67.18.125.8] USA, Texas, Theplanet.com Internet Services
    Subject: Chase Alert : Update Your Bank Account
    From: Chase Online <securityalert@chase.com>
    Date: Sun, 24 Feb 2008
     
  4. Miyuki

    Miyuki Administratrix Staff Member

    Japan...odd place for an American bank to be sending an email from.

    From Chase Online
    X-Originating-IP: 211.0.147.226, Japan, FBIT Communications Corp.
    Return-Path: <accounts@chase.com>
    Received-SPF: fail does not designate 60.249.116.180 as permitted sender)
    Reply-to: <accounts@chase.com>
    From: "Chase Online" <accounts@chase.com>
    Subject: Chase Online - Possible Fraud Allert
    Date: Mon, 25 Feb 2008

    As part of our security measures,we are constantly working to ensure security by regularly screening the accounts in our system.

    We recently noticed one or more attempts to log in to your account from a foreign IP address. We would like to ensure that your account was not accessed by an unauthorized third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

    Click on the link below to update your account, follow the instructions, and the temporary limitation of your account will be removed automatically.

    https www chase.com chaseonline update_logon.html

    Notice to our customers: Chase cares about your security. The Chase Online services mentioned above can be accessed through our site directly. The links here are included for your convenience. If you are suspicious of an email, please feel free to use the Url that appears on the back of your credit card, or type chase.com/creditcards directly into your browser.

    ABOUT THIS MESSAGE
    This service message was delivered to you as a Chase credit card customer. If you wish to unsubscribe from e-mail messages from Chase Card Services, please click here. Please allow up to ten business days for us to process your request.

    Please do not reply to this message. Replies to this message will not be responded to. To contact Chase go to chase com creditcards.

    ©2006 JPMorgan Chase & Co.
     
  5. Ted

    Ted Emeritus

    Chase: Irregular Check Card Activity

    63.246.151.54 San Francisco, California, USA
    Return-Path: <nobody@server.fnone.org>


    Irregular Check Card Activity


    We detected irregular activity on your Chase Bank account Check Card on 10/28/2008. For your protection, you must verify this activity before you can continue using your card.

    Please visit Online Banking at www.Chase.com to review your account activity, and then call us immediately at 1.877.833.5617 . We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account.

    Want to confirm this email is from Chase Bank ? Sign in to Online Banking and select Alerts History to verify this alert.

    Want to get more alerts? Sign in to your online banking account at Chase Bank and within the Accounts Overview page select the "Alerts" tab.

    Because email is not a secure form of communication, please do not reply to this email. If you have any questions about your account or need assistance, please call the phone number on your statement or go to Contact Us at www.Chase.com.

    Chase Bank, Member FDIC.
    © 2008 Chase Bank Corporation. All Rights Reserved.
     
  6. Sphinx

    Sphinx Administrator Staff Member

    The link goes to a macafee flagged site at astag com.

    From JPMorgan Chase Bank
    Return-Path: <chase@notify.chase.com>
    Received: from 79.190.39.130, Poland, TP S.A. Hostmaster, abuse report to [abuse@telekomunikacja.pl]
    Reply-To: <Chase@notify.chase.com>
    From: "JPMorgan Chase Bank"<Chase@notify.chase.com>
    Subject: Notification from Chase Bank
    Date: Sat, 1 Nov 2008


    Dear Chase Online customer,

    During our regualry scheduled accounts maintenance and verification procedures, we have detected a slight error regarding your Chase Online Account.

    This might be due to one of the following reasons:
    1. A recent change in your personal information (i.e. address changing)
    2. Submitting invalid information during the initial sign up process.
    4. Multiple failed logins in your personal account.
    3. An inabillity to accurately verify your selected option of payment due to an internal error within our system.

    Please update and verify your information by clicking the following link:

    Continue To Chase Online Update Form

    *If you account information is not updated within 48 hours then your ability to access your account will be restricted.

    Thank you,
    Chase Online , Billing Department.


    E-mail Security Information
    E-mail intended for your account.

    If you are concerned about the authenticity of this message, please click here or call the phone number on the back of your credit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here

    Note: If you are concerned about clicking links in this e-mail, the Chase Online services mentioned above can be accessed by typing www chase com creditcards directly into your browser.

    ABOUT THIS MESSAGE:
    This service message was delivered to you as a Chase Credit Card customer to provide you with account updates and information about your card benefits.

    If you want to contact Chase, please do not reply to this message, but instead go to www chase com creditcards. For faster service, please enroll or log in to your account. Replies to this message will not be read or responded to.

    Your personal information is protected by state-of-the-art technology. For more detailed security information, view our Online Privacy Policy. To request in writing: Chase Privacy Operations, 451 Florida Street, Fourth Floor, LA2-9376, Baton Rouge, LA 70801

    ® 2008 JPMorgan Chase & Co.
     
  7. pablo

    pablo Member

    Phishing twist

    Subject: Customer Satisfaction Survey
    Date: Tue, 25 Nov 2008 07 : 19 : 22 -0600
    From: "Chase"<survey@chase.com>
    Reply-To: <noreply@chase.com>
    To: undisclosed-recipients:;

    Dear Chase client,

    Due to the rumors of financial crisis, Chase has decided to make a nationwide survey.
    The information collected will be used to improve our services and your banking
    experience with us. For the completion of this survey, we will credit your
    account with $100.


    To take part, please click here

    Note - The information we gather from this survey will not be handed down to any third party.

    © 2008 JPMorgan Chase & Co.

    ======================================

    Standard phishing letter. Click go to hacked website forwarded to second website URL 5 questions and request for banking information. Sent URL's to
    abuse at chase. The both links dead in 15 minutes.

    The twist. 30 Minutes later I got a second identical message except the click through links were different. Contacted both chase and one of the website's host ISP's. The ISP killed the link and emailed me back within 5 minutes.

    In most cases I would have never checked the second message. I don't know why I did this time.

    p.
     
  8. Gentle Giant

    Gentle Giant Giant Admin for a Day Staff Member

    Looks like some of our "friends" (and I use the term very loosely) in Toronto have taken to phishing. :rolleyes:

    From Chase
    Return-Path: <survey@email.chase.net>
    Received: from 74.210.119.158, Canada, Ontario, Toronto, Rogers Cable Communications Inc., abuse report to [abuse@rogers.com]
    Reply-To: <survey@email.chase.net>
    From: "Chase"<survey@email.chase.net>
    Subject: Customer Center: Claim Your $50 Reward
    Date: Sun, 23 Nov 2008
    Return-Path: [survey@email.chase.net]


    You've been chosen by Chase Customer Center to take part in our quick and easy 5 question survey. In return we will credit $50 to your account within the next three business days.

    Helping us better understand how our customers feel benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our online service. The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party groups. It will be stored in our secure database for three days while we process the results of this nationwide survey.

    We kindly ask you to spare two minutes of your time and take part to this unique offer!

    To take the survey now, please visit our affiliate website:
    http static-71-119-20-180 lsanca dsl-w verizon net/ssl/CustomerCenter/onlinesurvey chase.net/

    Best regards,
    Chase Customer Center
     
  9. pablo

    pablo Member

    @Gentle Giant ^^^^^

    Have you reported this to chase? Phishing response is statistical only effective for a few hours after the phishing email is sent to harvest the banking information. Killing the links within an hour or so can substancially reduce the fraud.

    Your message is very similar to the ones we killed yesterday. It was 5 maundane questions and then asked for banking information including pin numbers.

    ISP's in Canada, US and Europe are generally very co-operative in killing a phishing URL. Yesterday I had a personalized ISP response (rare actually) in 5 minutes and the link was dead.

    p.
     
  10. pablo

    pablo Member

    New modus

    I am starting to see a new modus in some of the phising emails. I get a burst of phishing emails that are either very similar or identical a few hours apart. The only difference is the link URL and the redirected web site change. The first was the chase pair I reported a couple weeks ago since then I have had phishing of this type for capital one and Canadian CIBC and TDCanada Trust.


    p.
     
  11. Garreg Ddu

    Garreg Ddu Gweinyddwr Staff Member

    X-SID-PRA: chase <serv@chase.com>
    Received: from User (LNeuilly-152-22-67-27.w193-251.abo.wanadoo.fr [193.251.2.27]) by mwinf2361.orange.fr (SMTP Server) with ESMTP id 0722E700009A; Sun, 28 Dec 2008 19:01:45 +0100 (CET)

    Origin IP Address = 193.251.2.27 = Wanadoo France Technical Role, FRANCE TELECOM/SCR, 48 rue Camille Desmoulins, 92791 ISSY LES MOULINEAUX CEDEX 9, FRANCE

    From: "chase" <serv@chase.com>
    Subject: Account Locked !
    Date: Sun, 28 Dec 2008 18:59:42 +0100
    To: undisclosed-recipients: ;
    Return-Path: serv@chase.com



    Account Locked !


    Dear Chase Member,

    Due to the number of incorrect login attempts, your Chase Account has been locked for your security. This has been done to secure your accounts and to protect your private information in case the login attempts were not done by you..
    At Chase Bank we care about your security so, for your protection we are proactively notifying you of this activity.

    If you did not trigger this lockout, follow this link to Log on to your Chase Online Account :

    Click here to unlock your account Link disabled as the site is still actively phishing. It has been logged with NetCraft, put in the Phish Tank, submitted to McAfee and will soon be in IE Phishing filter and Safari.


    Thank you for your prompt attention to this matter.

    We apologize for any inconvenience.



    Thank you for using Chase!


    --------------------------------------------------------------------------------

    Please do not reply to this e-mail. Mail sent to this address cannot be answered.
     
  12. phfobric

    phfobric Member

    JPMorgan Chase Bak/zhxocq@google.com

    Ho-boy. This email looks legit, REAL legit. (The Chase advert didn't print to this page) They want to ask me 5 questions and they'll deposit $50 in my account (only, psssst, I don't HAVE AN ACCOUNT with these guys!!).

    Thought you might like a look-around. Didn't know a BIG bak would have a Google addy?!?! Scrolling ANYWHERE near the advert reveals; http://pool-71-110-132-131-Isanca.dsl-W.verizon.net/chas.html What appears on this page is NOT what I entered. Note from ...Isanca.dsl-W.verizon...is what I posted.

    Take part in our quick 5 question survey
    Monday, April 27, 2009 5 06 PM
    From JPMorgan Chase Bak Mon Apr 27 14 06 07 2009
    Return-Path: <zhxocq@google.com>
    Authentication-Results: mta148.mail.re1.yahoo.com from=google.com domainkeys=neutral (no sig) from=google.com dkim=neutral (no sig)
    Received: from 64.59.134.9 (EHLO idcmail-mo2no.shaw.ca) (64.59.134.9) by mta148.mail.re1.yahoo.com with SMTP Mon, 27 Apr 2009 14 10 23 -0700
    Message-Id: <79p70j$2t7mqa@pd7mo1no-svcs.prod.shaw.ca>
    Received: from pd6ml2no-ssvc.prod.shaw.ca ([10.0.153.163]) by pd7mo1no-svcs.prod.shaw.ca with ESMTP 27 Apr 2009 15 06 05 -0600
    Received: from s0106000f6687dc9b.cg.shawcable.net (HELO User) ([68.147.57.173]) by pd6ml2no-dmz.prod.shaw.ca with SMTP 27 Apr 2009 15 06 03 -0600
    Reply-To: zhxocq@google.com
    From:
    JPMorgan Chase Bak<zhxocq@google.com>
    Add sender to Contacts
    Subject: Take part in our quick 5 question survey
    Date: Mon, 27 Apr 2009 15 06 07 -0600
    MIME-Version: 1.0
    Content-Type: text/html charset="Windows-1251"
    Content-Transfer-Encoding: 7bit
    Content-Length: 165
     
    Last edited: Apr 29, 2009
  13. ErnestTBass

    ErnestTBass Ninja

    McAfee Site adviser already attacked, to kill the scammers mail account
    forward the scam letter and header to gmail-abuse@google.com

    Message: Hi Google,

    Please suspend this user account for phishing.

    Regards,
    your name.

    You will get a reply from Google
     
  14. Cold War Kid

    Cold War Kid Ninja

    From CHASE-Services
    Return-Path: <xfkuom@chase-services.com>
    X-Originating-IP: 24.251.210.209, Us server, Cox Communications Inc.
    Reply-To: [xfkuom@chase-services.com]
    From: CHASE-Services<xfkuom@chase-services.com>
    To: [onlineserv@info.com]
    Subject: Chase Review Departament!
    Date: Tue, 29 Sep 2009

    Due to unusual levels of fraud we have had to suspend any future authorizations being conducted with your Chase Card.

    For your security we have deactivate your card.

    How to re-activate your card ?

    You may stop by your branch or call our Card Department at (408) 884-1405

    Our automated system allows you to quickly re-activate your card.

    We apologize for any inconvenience this may cause.
     
  15. Annielee

    Annielee Samurai

    From: "Chase Bank"<chaseonline212@chase.support.com>
    Date: Sat, 9 Jan 2010
    Subject: Security Measures

    Dear Chase Manhattan's Bank Customer,

    We recently noticed one or more attempts to log in to your Chase Internet Banking service from a foreign IP adress.

    If you recently accessed your service while traveling, the unusual log in attempts may have been initiated by you.

    However, if you did not initiate the logins, please visit as soon as possible your account to verify your identity:

    We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire Chase system. Thank you for your prompt attention to this matter.

    Sincerely,

    Carter Franke
    Chase Card Services

    Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Chase Bank account and choose the "Help" link in the header of any page.
     
  16. Spidey

    Spidey Ninja

    From Chase Bank
    Return-Path: <online536235@chase.support.com>
    Received: from 24.106.47.134, US server, Road Runner HoldCo LLC, [abuse@rr.com]
    From: "Chase Bank"<online536235@chase.support.com>
    Subject: Security Measures
    Date: Tue, 12 Jan 2010

    Dear Chase Manhattan's Bank Customer,

    We recently noticed one or more attempts to log in to your Chase Internet Banking service from a foreign IP adress. If you recently accessed your service while traveling, the unusual log in attempts may have been initiated by you. However, if you did not initiate the logins, please visit as soon as possible your account to verify your identity:

    https chase com/chase-online/login.jsp. [can't find the server at chaasseotuipr com.]

    We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity
    of the entire Chase system. Thank you for your prompt attention to this matter.

    Sincerely,

    Carter Franke
    Chase Card Services

    Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Chase Bank account and choose the "Help" link in the header of any page.
     
  17. Spanish Administrator

    Spanish Administrator THE Spanish Administrator Staff Member

    From JP Morgan Chase
    Return-Path: <srvc@jpmchase.com>
    Received: from 217.194.177.244, Italy, Skytek - Wireless & Internet Service
    From: "JP Morgan Chase"<srvc@jpmchase.com>
    Subject: Your Internet Banking Account need to be update
    Date: Tue, 23 Mar 2010
    Message contains attachments
    1 File (20KB)

    * Online Form.pdf. htmlOnline Form.pdf.html

    Dear Customer,

    Your Internet Banking Account need to be update Please complete the Chase Online Update Form attached to this email .

    If you are using Internet Explorer please allow ActiveX for scripts to perform all data transfers securely .

    This procedure is performed on time only and it does not require further actions on the customer side. This is an automated message, no reply or confirmation is required. Thank you for using Chase Online Bank !

    2010 Chase Bank Corporation. All rights reserved.
    -
    -
    -
    "The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful. Transtruct is neither liable for the proper, complete transmission of the information contained in this communication nor any delay in its receipt."
     
  18. Hua Mulan

    Hua Mulan Administrator Staff Member

    From Chase
    Return-Path: <chase@alerts.chase.com>
    Received: from 61.153.148.235, Zhejiang, China, Zhejiang University Ligong College Ningbo, [anti_spam@mail.nbptt.hz.zj.cn]
    TP; Tue, 06 Jul 2010
    From: "Chase"<Chase@alerts.Chase.com> 加入寄件人到通訊錄
    Subject: Chase Bank Alert!
    Date: Mon, 5 Jul 2010

    Dear valued Chase® Customer,

    Due to recent fraudulent transactions, we have issued the following security requirements.

    It has come to our attention that 98% of all fraudulent transactions are caused by members using stolen credit cards to purchase or sell nonexistent items. Thus we require our members to add a Debit/Check card to their billing records as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. Your Debit/Check card will only be used to identify you. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the Chase® service. Nevertheless, the inability to confirm your records will unprotect your account.

    We are requesting this information to verify and protect your identity. Federal regulations require all financial institutions to obtain, verify, and record identification from all persons opening new accounts or obtaining ongoing payment services. This is in order to prevent the use of the U.S. banking system in terrorist and other illegal activity. For these reasons, Chase® will utilize services provided by various credit reporting agencies to verify the information you submit to us.

    Once you have updated your account records your pending Chase® account transactions will not be interrupted and will continue as normal.

    To update your billing records please proceed to our secure webform by clicking here. [ERROR!!!. This website is down. ]

    Thank you for your time!
    Chase® Billing Department. All rights reserved.
    © 2010 JPMorgan Chase & Co.
     
  19. Marie

    Marie Administrator Staff Member

    From Chase Online (SM)
    Return-Path: <e-alerts@chaseonline.com>
    Received: from 58.56.108.35. Jinan, China, Chinanet Shandong Province Network, [anti-spam@ns.chinanet.cn.net]
    From: "Chase Online (SM) <e-alerts@chaseonline.com>
    Subject: Chase Online Alerts : Multiple Failed Login, Message ID:879499
    Date: Tue, 3 Aug 2010

    Alert Security Email. Please Follow Security Instruction

    Dear Valued Customer,

    Your account Demands verification as we have noticed several unauthorized logon attempts on your account. We are sending you this email in order for you to verify Your account.

    To begin, click the link below to proceed to verification as soon as possible.

    Click here to proceed to Verification as soon as possible.

    This Email is Subject to mandatory follow, failure to comply would lead to permanent closure of account.

    Regards,
    Technical services,
    Chase Online (SM)®
    Chase Online (SM)® 2010 All rights Reserved
     
  20. Hua Mulan

    Hua Mulan Administrator Staff Member

    From JPMorgan Chase
    Return-Path: <chase@accounts.com>
    Received: from 80.81.108.98 (HELO sv009.inaltel.es) (80.81.108.98) by mta103.mail.hk2.yahoo.com with SMTP;
    Reply-To: <chase@accounts.com>
    From: "JPMorgan Chase"<chase@accounts.com> 加入寄件人到通訊錄
    Subject: Important Profile Verification.
    Date: Mon, 9 Aug 2010
    Return-Path: [chase@accounts.com]
    郵件含附件
    1 個檔案 (82KB)

    * Profile Verification.html Profile Verification.html

    We detected irregular activity on your JPMorgan-Chase account on August/08/2010. For your account protection, we have sent you an attachment which contains all the necessary information we need to verify and update your account.

    In order to verify your account please download the attached file , fill out the required information and save your profile.

    We are sorry for any inconvinience this may have caused you.

    © 2010 JPMorgan-Chase. All rights reserved.
     

Share This Page