JP Morgan Chase Bank

Jessica

Administrator
Staff member
#1
From Chase Notification
Return-Path: <smchasenotification@chaseonline.chase.com>
Received: from 194.153.226.159, Romania, Constanta, S.C. Dranmina S.R.L
From: "Chase Notification" <SMChaseNotification@chaseonline.chase.com>
Subject: New Message from Chase Online(SM)


Dear Chase OnlineSM Customer:

A message regarding "Payment Reminder" has been sent to your Secure Message Center.

To see your message:

* Log on to Chase Online. Once you log on, you can see your new message in the Secure Message Center.
* If you are already logged on to Chase Online, you may see your message(s) by simply visiting the Secure Message Center.


The message will be available in your Secure Message Center.

Please do not reply to this message. In order to keep your account information private and secure, we ask that you log on to Chase Online and visit the Secure Message Center if you wish to send an additional question or require further assistance.

Thank you for being a valued Chase customer.
 

Quark

Moderator
Staff member
#2
From Chase Online
Return-Path: <accounts@chase.online.com>
Received: from 211.0.147.226, Japan, FBIT Communications Corp, fiberbit.net
Reply-to: <accounts@chase.online.com>
From: "Chase Online" <accounts@chase.online.com>
Subject: Chase Online - Possible Fraud Allert In Your Online Banking Account
Date: Thu, 7 Feb 2008


As part of our security measures,we are constantly working to ensure security by regularly screening the accounts in our system.

We recently noticed one or more attempts to log in to your account from a foreign IP address. We would like to ensure that your account was not accessed by an unauthorized third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

Click on the link below to update your account, follow the instructions, and the temporary limitation of your account will be removed automatically.

> https www chase com chaseonline update_logon.html

Notice to our customers: Chase cares about your security. The Chase Online services mentioned above can be accessed through our site directly. The links here are included for your convenience. If you are suspicious of an email, please feel free to use the Url that appears on the back of your credit card, or type chase.com/creditcards directly into your browser.

ABOUT THIS MESSAGE

This service message was delivered to you as a Chase credit card customer. If you wish to unsubscribe from e-mail messages from Chase Card Services, please click here. Please allow up to ten business days for us to process your request.

Please do not reply to this message. Replies to this message will not be responded to. To contact Chase go to chase.com/creditcards.

©2006 JPMorgan Chase & Co.
 
#3
Chase Bank Online

You have received this email because you or someone had used your account from different locations.
For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your banking details.
To help speed up this process, please access the following link so we can complete the verification of your Chase Online® Banking Account registration information :


Return-Path: <wealthse@terminator.websitewelcome.com>
Received: from [67.18.125.8] USA, Texas, Theplanet.com Internet Services
Subject: Chase Alert : Update Your Bank Account
From: Chase Online <securityalert@chase.com>
Date: Sun, 24 Feb 2008
 

Miyuki

Administratrix
Staff member
#4
Japan...odd place for an American bank to be sending an email from.

From Chase Online
X-Originating-IP: 211.0.147.226, Japan, FBIT Communications Corp.
Return-Path: <accounts@chase.com>
Received-SPF: fail does not designate 60.249.116.180 as permitted sender)
Reply-to: <accounts@chase.com>
From: "Chase Online" <accounts@chase.com>
Subject: Chase Online - Possible Fraud Allert
Date: Mon, 25 Feb 2008

As part of our security measures,we are constantly working to ensure security by regularly screening the accounts in our system.

We recently noticed one or more attempts to log in to your account from a foreign IP address. We would like to ensure that your account was not accessed by an unauthorized third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

Click on the link below to update your account, follow the instructions, and the temporary limitation of your account will be removed automatically.

https www chase.com chaseonline update_logon.html

Notice to our customers: Chase cares about your security. The Chase Online services mentioned above can be accessed through our site directly. The links here are included for your convenience. If you are suspicious of an email, please feel free to use the Url that appears on the back of your credit card, or type chase.com/creditcards directly into your browser.

ABOUT THIS MESSAGE
This service message was delivered to you as a Chase credit card customer. If you wish to unsubscribe from e-mail messages from Chase Card Services, please click here. Please allow up to ten business days for us to process your request.

Please do not reply to this message. Replies to this message will not be responded to. To contact Chase go to chase com creditcards.

©2006 JPMorgan Chase & Co.
 

Ted

Emeritus
#5
Chase: Irregular Check Card Activity

63.246.151.54 San Francisco, California, USA
Return-Path: <nobody@server.fnone.org>


Irregular Check Card Activity


We detected irregular activity on your Chase Bank account Check Card on 10/28/2008. For your protection, you must verify this activity before you can continue using your card.

Please visit Online Banking at www.Chase.com to review your account activity, and then call us immediately at 1.877.833.5617 . We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account.

Want to confirm this email is from Chase Bank ? Sign in to Online Banking and select Alerts History to verify this alert.

Want to get more alerts? Sign in to your online banking account at Chase Bank and within the Accounts Overview page select the "Alerts" tab.

Because email is not a secure form of communication, please do not reply to this email. If you have any questions about your account or need assistance, please call the phone number on your statement or go to Contact Us at www.Chase.com.

Chase Bank, Member FDIC.
© 2008 Chase Bank Corporation. All Rights Reserved.
 

Sphinx

Administrator
Staff member
#6
The link goes to a macafee flagged site at astag com.

From JPMorgan Chase Bank
Return-Path: <chase@notify.chase.com>
Received: from 79.190.39.130, Poland, TP S.A. Hostmaster, abuse report to [abuse@telekomunikacja.pl]
Reply-To: <Chase@notify.chase.com>
From: "JPMorgan Chase Bank"<Chase@notify.chase.com>
Subject: Notification from Chase Bank
Date: Sat, 1 Nov 2008


Dear Chase Online customer,

During our regualry scheduled accounts maintenance and verification procedures, we have detected a slight error regarding your Chase Online Account.

This might be due to one of the following reasons:
1. A recent change in your personal information (i.e. address changing)
2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your personal account.
3. An inabillity to accurately verify your selected option of payment due to an internal error within our system.

Please update and verify your information by clicking the following link:

Continue To Chase Online Update Form

*If you account information is not updated within 48 hours then your ability to access your account will be restricted.

Thank you,
Chase Online , Billing Department.


E-mail Security Information
E-mail intended for your account.

If you are concerned about the authenticity of this message, please click here or call the phone number on the back of your credit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here

Note: If you are concerned about clicking links in this e-mail, the Chase Online services mentioned above can be accessed by typing www chase com creditcards directly into your browser.

ABOUT THIS MESSAGE:
This service message was delivered to you as a Chase Credit Card customer to provide you with account updates and information about your card benefits.

If you want to contact Chase, please do not reply to this message, but instead go to www chase com creditcards. For faster service, please enroll or log in to your account. Replies to this message will not be read or responded to.

Your personal information is protected by state-of-the-art technology. For more detailed security information, view our Online Privacy Policy. To request in writing: Chase Privacy Operations, 451 Florida Street, Fourth Floor, LA2-9376, Baton Rouge, LA 70801

® 2008 JPMorgan Chase & Co.
 
#7
Phishing twist

Subject: Customer Satisfaction Survey
Date: Tue, 25 Nov 2008 07 : 19 : 22 -0600
From: "Chase"<survey@chase.com>
Reply-To: <noreply@chase.com>
To: undisclosed-recipients:;

Dear Chase client,

Due to the rumors of financial crisis, Chase has decided to make a nationwide survey.
The information collected will be used to improve our services and your banking
experience with us. For the completion of this survey, we will credit your
account with $100.


To take part, please click here

Note - The information we gather from this survey will not be handed down to any third party.

© 2008 JPMorgan Chase & Co.

======================================

Standard phishing letter. Click go to hacked website forwarded to second website URL 5 questions and request for banking information. Sent URL's to
abuse at chase. The both links dead in 15 minutes.

The twist. 30 Minutes later I got a second identical message except the click through links were different. Contacted both chase and one of the website's host ISP's. The ISP killed the link and emailed me back within 5 minutes.

In most cases I would have never checked the second message. I don't know why I did this time.

p.
 

Gentle Giant

Giant Admin for a Day
Staff member
#8
Looks like some of our "friends" (and I use the term very loosely) in Toronto have taken to phishing. :rolleyes:

From Chase
Return-Path: <survey@email.chase.net>
Received: from 74.210.119.158, Canada, Ontario, Toronto, Rogers Cable Communications Inc., abuse report to [abuse@rogers.com]
Reply-To: <survey@email.chase.net>
From: "Chase"<survey@email.chase.net>
Subject: Customer Center: Claim Your $50 Reward
Date: Sun, 23 Nov 2008
Return-Path: [survey@email.chase.net]


You've been chosen by Chase Customer Center to take part in our quick and easy 5 question survey. In return we will credit $50 to your account within the next three business days.

Helping us better understand how our customers feel benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our online service. The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party groups. It will be stored in our secure database for three days while we process the results of this nationwide survey.

We kindly ask you to spare two minutes of your time and take part to this unique offer!

To take the survey now, please visit our affiliate website:
http static-71-119-20-180 lsanca dsl-w verizon net/ssl/CustomerCenter/onlinesurvey chase.net/

Best regards,
Chase Customer Center
 
#9
@Gentle Giant ^^^^^

Have you reported this to chase? Phishing response is statistical only effective for a few hours after the phishing email is sent to harvest the banking information. Killing the links within an hour or so can substancially reduce the fraud.

Your message is very similar to the ones we killed yesterday. It was 5 maundane questions and then asked for banking information including pin numbers.

ISP's in Canada, US and Europe are generally very co-operative in killing a phishing URL. Yesterday I had a personalized ISP response (rare actually) in 5 minutes and the link was dead.

p.
 
#10
New modus

I am starting to see a new modus in some of the phising emails. I get a burst of phishing emails that are either very similar or identical a few hours apart. The only difference is the link URL and the redirected web site change. The first was the chase pair I reported a couple weeks ago since then I have had phishing of this type for capital one and Canadian CIBC and TDCanada Trust.


p.
 

Garreg Ddu

Gweinyddwr
Staff member
#11
X-SID-PRA: chase <serv@chase.com>
Received: from User (LNeuilly-152-22-67-27.w193-251.abo.wanadoo.fr [193.251.2.27]) by mwinf2361.orange.fr (SMTP Server) with ESMTP id 0722E700009A; Sun, 28 Dec 2008 19:01:45 +0100 (CET)

Origin IP Address = 193.251.2.27 = Wanadoo France Technical Role, FRANCE TELECOM/SCR, 48 rue Camille Desmoulins, 92791 ISSY LES MOULINEAUX CEDEX 9, FRANCE

From: "chase" <serv@chase.com>
Subject: Account Locked !
Date: Sun, 28 Dec 2008 18:59:42 +0100
To: undisclosed-recipients: ;
Return-Path: serv@chase.com



Account Locked !


Dear Chase Member,

Due to the number of incorrect login attempts, your Chase Account has been locked for your security. This has been done to secure your accounts and to protect your private information in case the login attempts were not done by you..
At Chase Bank we care about your security so, for your protection we are proactively notifying you of this activity.

If you did not trigger this lockout, follow this link to Log on to your Chase Online Account :

Click here to unlock your account Link disabled as the site is still actively phishing. It has been logged with NetCraft, put in the Phish Tank, submitted to McAfee and will soon be in IE Phishing filter and Safari.


Thank you for your prompt attention to this matter.

We apologize for any inconvenience.



Thank you for using Chase!


--------------------------------------------------------------------------------

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
 
#12
JPMorgan Chase Bak/zhxocq@google.com

Ho-boy. This email looks legit, REAL legit. (The Chase advert didn't print to this page) They want to ask me 5 questions and they'll deposit $50 in my account (only, psssst, I don't HAVE AN ACCOUNT with these guys!!).

Thought you might like a look-around. Didn't know a BIG bak would have a Google addy?!?! Scrolling ANYWHERE near the advert reveals; http://pool-71-110-132-131-Isanca.dsl-W.verizon.net/chas.html What appears on this page is NOT what I entered. Note from ...Isanca.dsl-W.verizon...is what I posted.

Take part in our quick 5 question survey
Monday, April 27, 2009 5 06 PM
From JPMorgan Chase Bak Mon Apr 27 14 06 07 2009
Return-Path: <zhxocq@google.com>
Authentication-Results: mta148.mail.re1.yahoo.com from=google.com domainkeys=neutral (no sig) from=google.com dkim=neutral (no sig)
Received: from 64.59.134.9 (EHLO idcmail-mo2no.shaw.ca) (64.59.134.9) by mta148.mail.re1.yahoo.com with SMTP Mon, 27 Apr 2009 14 10 23 -0700
Message-Id: <79p70j$2t7mqa@pd7mo1no-svcs.prod.shaw.ca>
Received: from pd6ml2no-ssvc.prod.shaw.ca ([10.0.153.163]) by pd7mo1no-svcs.prod.shaw.ca with ESMTP 27 Apr 2009 15 06 05 -0600
Received: from s0106000f6687dc9b.cg.shawcable.net (HELO User) ([68.147.57.173]) by pd6ml2no-dmz.prod.shaw.ca with SMTP 27 Apr 2009 15 06 03 -0600
Reply-To: zhxocq@google.com
From:
JPMorgan Chase Bak<zhxocq@google.com>
Add sender to Contacts
Subject: Take part in our quick 5 question survey
Date: Mon, 27 Apr 2009 15 06 07 -0600
MIME-Version: 1.0
Content-Type: text/html charset="Windows-1251"
Content-Transfer-Encoding: 7bit
Content-Length: 165
 
Last edited:
#14
From CHASE-Services
Return-Path: <xfkuom@chase-services.com>
X-Originating-IP: 24.251.210.209, Us server, Cox Communications Inc.
Reply-To: [xfkuom@chase-services.com]
From: CHASE-Services<xfkuom@chase-services.com>
To: [onlineserv@info.com]
Subject: Chase Review Departament!
Date: Tue, 29 Sep 2009

Due to unusual levels of fraud we have had to suspend any future authorizations being conducted with your Chase Card.

For your security we have deactivate your card.

How to re-activate your card ?

You may stop by your branch or call our Card Department at (408) 884-1405

Our automated system allows you to quickly re-activate your card.

We apologize for any inconvenience this may cause.
 
#15
From: "Chase Bank"<chaseonline212@chase.support.com>
Date: Sat, 9 Jan 2010
Subject: Security Measures

Dear Chase Manhattan's Bank Customer,

We recently noticed one or more attempts to log in to your Chase Internet Banking service from a foreign IP adress.

If you recently accessed your service while traveling, the unusual log in attempts may have been initiated by you.

However, if you did not initiate the logins, please visit as soon as possible your account to verify your identity:

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire Chase system. Thank you for your prompt attention to this matter.

Sincerely,

Carter Franke
Chase Card Services

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Chase Bank account and choose the "Help" link in the header of any page.
Received: from [71.95.197.74] (helo=User) by elasmtp-banded.atl.sa.earthlink.net
X-Originating-IP: [209.86.89.70]
 
#16
From Chase Bank
Return-Path: <online536235@chase.support.com>
Received: from 24.106.47.134, US server, Road Runner HoldCo LLC, [abuse@rr.com]
From: "Chase Bank"<online536235@chase.support.com>
Subject: Security Measures
Date: Tue, 12 Jan 2010

Dear Chase Manhattan's Bank Customer,

We recently noticed one or more attempts to log in to your Chase Internet Banking service from a foreign IP adress. If you recently accessed your service while traveling, the unusual log in attempts may have been initiated by you. However, if you did not initiate the logins, please visit as soon as possible your account to verify your identity:

https chase com/chase-online/login.jsp. [can't find the server at chaasseotuipr com.]

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity
of the entire Chase system. Thank you for your prompt attention to this matter.

Sincerely,

Carter Franke
Chase Card Services

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Chase Bank account and choose the "Help" link in the header of any page.
 

Spanish Administrator

THE Spanish Administrator
Staff member
#17
From JP Morgan Chase
Return-Path: <srvc@jpmchase.com>
Received: from 217.194.177.244, Italy, Skytek - Wireless & Internet Service
From: "JP Morgan Chase"<srvc@jpmchase.com>
Subject: Your Internet Banking Account need to be update
Date: Tue, 23 Mar 2010
Message contains attachments
1 File (20KB)

* Online Form.pdf. htmlOnline Form.pdf.html

Dear Customer,

Your Internet Banking Account need to be update Please complete the Chase Online Update Form attached to this email .

If you are using Internet Explorer please allow ActiveX for scripts to perform all data transfers securely .

This procedure is performed on time only and it does not require further actions on the customer side. This is an automated message, no reply or confirmation is required. Thank you for using Chase Online Bank !

2010 Chase Bank Corporation. All rights reserved.
-
-
-
"The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful. Transtruct is neither liable for the proper, complete transmission of the information contained in this communication nor any delay in its receipt."
 

Hua Mulan

Administrator
Staff member
#18
From Chase
Return-Path: <chase@alerts.chase.com>
Received: from 61.153.148.235, Zhejiang, China, Zhejiang University Ligong College Ningbo, [anti_spam@mail.nbptt.hz.zj.cn]
TP; Tue, 06 Jul 2010
From: "Chase"<Chase@alerts.Chase.com> 加入寄件人到通訊錄
Subject: Chase Bank Alert!
Date: Mon, 5 Jul 2010

Dear valued Chase® Customer,

Due to recent fraudulent transactions, we have issued the following security requirements.

It has come to our attention that 98% of all fraudulent transactions are caused by members using stolen credit cards to purchase or sell nonexistent items. Thus we require our members to add a Debit/Check card to their billing records as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. Your Debit/Check card will only be used to identify you. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the Chase® service. Nevertheless, the inability to confirm your records will unprotect your account.

We are requesting this information to verify and protect your identity. Federal regulations require all financial institutions to obtain, verify, and record identification from all persons opening new accounts or obtaining ongoing payment services. This is in order to prevent the use of the U.S. banking system in terrorist and other illegal activity. For these reasons, Chase® will utilize services provided by various credit reporting agencies to verify the information you submit to us.

Once you have updated your account records your pending Chase® account transactions will not be interrupted and will continue as normal.

To update your billing records please proceed to our secure webform by clicking here. [ERROR!!!. This website is down. ]

Thank you for your time!
Chase® Billing Department. All rights reserved.
© 2010 JPMorgan Chase & Co.
 

Marie

Administrator
Staff member
#19
From Chase Online (SM)
Return-Path: <e-alerts@chaseonline.com>
Received: from 58.56.108.35. Jinan, China, Chinanet Shandong Province Network, [anti-spam@ns.chinanet.cn.net]
From: "Chase Online (SM) <e-alerts@chaseonline.com>
Subject: Chase Online Alerts : Multiple Failed Login, Message ID:879499
Date: Tue, 3 Aug 2010

Alert Security Email. Please Follow Security Instruction

Dear Valued Customer,

Your account Demands verification as we have noticed several unauthorized logon attempts on your account. We are sending you this email in order for you to verify Your account.

To begin, click the link below to proceed to verification as soon as possible.

Click here to proceed to Verification as soon as possible.

This Email is Subject to mandatory follow, failure to comply would lead to permanent closure of account.

Regards,
Technical services,
Chase Online (SM)®
Chase Online (SM)® 2010 All rights Reserved
 

Hua Mulan

Administrator
Staff member
#20
From JPMorgan Chase
Return-Path: <chase@accounts.com>
Received: from 80.81.108.98 (HELO sv009.inaltel.es) (80.81.108.98) by mta103.mail.hk2.yahoo.com with SMTP;
Reply-To: <chase@accounts.com>
From: "JPMorgan Chase"<chase@accounts.com> 加入寄件人到通訊錄
Subject: Important Profile Verification.
Date: Mon, 9 Aug 2010
Return-Path: [chase@accounts.com]
郵件含附件
1 個檔案 (82KB)

* Profile Verification.html Profile Verification.html

We detected irregular activity on your JPMorgan-Chase account on August/08/2010. For your account protection, we have sent you an attachment which contains all the necessary information we need to verify and update your account.

In order to verify your account please download the attached file , fill out the required information and save your profile.

We are sorry for any inconvinience this may have caused you.

© 2010 JPMorgan-Chase. All rights reserved.