Computer Crime Research Center


A new kind of telephone scam: phishing

Date: April 11, 2006

A new type of phishing scam targeting Chase Bank customers has been detected which redirects recipients to a 1800 telephone number rather than a fraudulent web site.
Recipients of phish emails have become accustomed to seeing fraudulent phish URLs with particular traits and internet security specialist SurfControl, which detected the scam, said it is likely that phishers seeking Chase Bank customer’s information developed the technique to increase the success rate of the scam. This phish uses scare tactics and a technique distinctive from the typical phishing scams that target financial institutions. SurfControl is warning customers that this new attack could open the door to employees providing credit card and other personal data to the scammers.

SurfControl first discovered the phish in Australia.

“SurfControl's Global Threat Experts are tracking the new phishing technique to identify any emerging variations, which could potentially target customers of Australian banks,” said Ursula Radford, SurfControl marketing manager for Australia and New Zealand.

How the phish works:

The phish uses a toll free number which would have been registered, possibly using fake names or contact information. The appearance of a toll free number on the phish resonates with the typical toll free phone numbers used by the legitimate Chase Bank. When users dial the toll free number, they are greeted by a recorded message apparently from Chase bank. SurfControl submitted fake information to the phisher to examine the method employed by the scammers. A transcript of this recorded message is below:

Phisher: Welcome to Chase Bank account verification. Please type your 16 digits card number.

user: [types invalid 16 digit credit card number]

Phisher: Please type your 16 digits card number.

user: [types valid 16 digit credit card number]

Phisher: Please type expiration date, month first year later.

user: [types 4 digit date]

Phisher: Please type the last 4 digits of the primary card holder’s social security.

user: [types 4 digits]

Phisher: Wait please till processing. Thank you. Your account has been verified.

[Message terminates]

As a rule, there are no banks that ever contact customers asking for personal information by email.
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2010-12-23 15:53:21 - 2006-10-18 17:29:06 - Fetene (800)... Hello Hellos
2010-10-06 11:13:13 - 1-800-555-0433, 0815 hours, 06-09-2010,... mj
2010-08-28 00:10:18 - This number called and asked for three of... wench
2010-08-01 18:25:08 - I received this text at 1:43 this... LASTENTERTAINMENT
2010-08-01 18:24:12 - I received this text at 1:43 this... LastEntertainment
2009-12-17 15:07:08 - This is a phone number that was formerly... Corpus
2009-12-12 22:23:27 - Listen, I work for Chase. This is a number... Elizabeth
2009-10-22 12:09:39 - We had a total of 5 of these fickwuts... F. Raudsquad
2009-09-25 15:17:02 - people this number is a real number its... lily
2009-07-29 19:41:26 - hey jane you are retarded, most places run... someone smarter than jane
Total 86 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo