A new kind of telephone scam: phishingDate: April 11, 2006
Recipients of phish emails have become accustomed to seeing fraudulent phish URLs with particular traits and internet security specialist SurfControl, which detected the scam, said it is likely that phishers seeking Chase Bank customer’s information developed the technique to increase the success rate of the scam. This phish uses scare tactics and a technique distinctive from the typical phishing scams that target financial institutions. SurfControl is warning customers that this new attack could open the door to employees providing credit card and other personal data to the scammers.
SurfControl first discovered the phish in Australia.
“SurfControl's Global Threat Experts are tracking the new phishing technique to identify any emerging variations, which could potentially target customers of Australian banks,” said Ursula Radford, SurfControl marketing manager for Australia and New Zealand.
How the phish works:
The phish uses a toll free number which would have been registered, possibly using fake names or contact information. The appearance of a toll free number on the phish resonates with the typical toll free phone numbers used by the legitimate Chase Bank. When users dial the toll free number, they are greeted by a recorded message apparently from Chase bank. SurfControl submitted fake information to the phisher to examine the method employed by the scammers. A transcript of this recorded message is below:
Phisher: Welcome to Chase Bank account verification. Please type your 16 digits card number.
user: [types invalid 16 digit credit card number]
Phisher: Please type your 16 digits card number.
user: [types valid 16 digit credit card number]
Phisher: Please type expiration date, month first year later.
user: [types 4 digit date]
Phisher: Please type the last 4 digits of the primary card holder’s social security.
user: [types 4 digits]
Phisher: Wait please till processing. Thank you. Your account has been verified.
As a rule, there are no banks that ever contact customers asking for personal information by email.
Add comment Email to a Friend