Phishing Example – Chase

Hello,

Here is a phishing attempt sent to me.  Note I have disabled the hyperlinks so that no on inadvertantly follows them.  Up top is the email body I received and below is the HTML source revealed by “View Source” or “View Encoding”.  Note the picture is no longer available on the web. I particularly draw your attention to the chase.com url that is displayed in my email yet the actual HTML wants to take me to: http://sheltonscustomhuntingrifles.com/catalog/images/CreditUnion/update_card.htm

 INCLUDEPICTURE “https://chaseonline.chase.com/content/ecpweb/sso/image/chaseNew.gif” \* MERGEFORMATINET

From: security@creditunion.coop
Sent: Wednesday, October 05, 2005 6:54 PM
To: loobyjam@hvcc.edu
Subject: Your account has been limited

 

Dear loobyjam@hvcc.edu ,

Due to the merger of Chase and Bank One, we have made changes to our Web site. In order for the Web site upgrade to be effective for your service, we had to suspend your online access and you will need to re-enroll in Chase Online, unless you have recently completed an update process that was prompted by chase.com (or are otherwise notified).

To re-enroll, click on the link below and follow the prompts:

Email Hyperlink: https://chaseonline.chase.com/chaseonline/signup/sso_signup_filter.jsp?LOB=RBGLogon

During enrollment, you may be asked to provide information about either your Bank One or Chase accounts and to read and accept our most recent Online Services Agreements. When you re-enroll, your transaction history, scheduled transfers, Personal Bill Pay Payees, and payment history will automatically follow you.

If you do not re-enroll your online access will remain suspended and you will not be able to view your accounts or process or schedule transactions online until you have completed the re-enrollment process. While your online access is suspended, you will remain an Chase Online customer, and scheduled transactions will be processed in accordance with our service agreement, unless you or we terminate the service. Fees, if any, will be charged during the suspension period.

We want to assure you that any scheduled transactions (payments and transfers) will be made while your online access is suspended. If you need to schedule, change, or cancel any transactions, re-enroll in Chase Online.

Thank you for choosing Chase for your online banking needs.
And remember to re-enroll to continue your online access – it’s fast and easy!

Sincerely,

Chase Online Banking

Member FDIC.

© 2005 JPMorgan Chase & Co

 

Let’s look at the file’s html representation obtained when I view source: I have edited it (shortened)  for your convenience.

 

<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN”>

<BODY><B>From:</B> security@creditunion.coop<BR><B>Sent:</B> Wednesday, October

05, 2005 6:54 PM<BR><B>To:</B> loobyjam@hvcc.edu<BR><B>Subject:</B> Your

account has been limited<BR><IMG height=641

src=”http://www.trance.ws/stuff/cu.gif” width=774 useMap=#top border=0

name=top0> <MAP name=top><AREA shape=RECT coords=216,525,375,540

href=”http://sheltonscustomhuntingrifles.com/catalog/images/CreditUnion/update_card.htm”></MAP></BODY></HTML>

Leave a Reply