Ooh, Chase Me!

OK, now here's a more interesting phishing attempt. It tries to take advantage of the fact that there are so many phishing attempts out there:

Chase has been always striving to present its customer the best
service. We recognize how important it is to protect your identity from
unlawful use, and shield your accounts from fraud and unauthorized access.

Having this in mind Chase has launched a new security system which is completely COST-FREE. Even more - Chase is awarding a BONUS of 25$ for the first subscribers of this service (the amount will be credited to each account you subscribe).

In order to proceed, please input your account number and your security verification:

which is slightly wilier than the "$20 survey" versions. It then does something slightly odd: it uses Google as a redirection service, by linking to the following URL: http://www.google.com/url?q=http://www.golfcourseonlineisback.com
I've no idea what this redirection achieves, unless it's to defeat simple antiphishing checks. Doesn't make much sense to me yet. Amusingly, the message ends:

Please note - Chase will NEVER ask you to input personal information
by phone or by e-mail: Social Security Numbers, Personal Identification Number
(PIN), Card Verification Number (CVV). If you find any type of suspicious
activities please contact us immediately.

Which is pretty rich coming from someone trying to steal your log in details.

No comments: