Phishing Campaigns Against Chase Bank Customers Increase

Share post:

One brand that has repeatedly been targeted by phishing campaigns is Chase Bank, where cybercriminals target people who use the company’s financial services. A report released Tuesday by cybersecurity provider Cyren focuses on the latest phishing attempts to exploit Chase and offers tips for users not to fall victim to this type of scam.

According to Cyren, Chase Bank is now the sixth most expensive counterfeit brand in phishing URLs. Chase ranks third among financial companies, behind PayPal.

From mid-May to mid-August, Cyren researchers recorded a 300% increase in phishing URLs that forged the Chase brand. Behind all these malicious URLs are phishing kits that cybercriminals buy, sell and use for their campaigns. Chase was the second most frequently attacked brand among all phishing kits in the last six months, followed by Microsoft 365 at the top.

The majority of phishing kits that Cyren has been investigating since May were built to steal more than just email addresses and passwords. These kits aim to steal bank and credit card information, social security numbers, home addresses and other sensitive information. Some kits even attempt to steal one-time use codes used for two-factor authentication. To target Chase Bank customers via email or text message, attackers have used a popular phishing kit called Chase XBALTI.

After successful phishing campaigns, cybercriminals have more than enough information to sell on the Dark Web for additional attacks, account takeovers and identity fraud. Each piece of sensitive data stolen is sent to the attacker’s email address, which is set up within the phishing kit.

To better detect and stop phishing attacks, Cyren has the following tips:

  • Avoid clicking on links or dialing any phone number listed in an email or text message. Instead, contact the company using the information on its website or through its official mobile app. Chase customers can also report phishing emails to Chase Bank.
  • If customers are unsure about the legitimacy of a particular email or text message, they can ask someone else to check it. Many organizations also have ways to report suspicious emails. Mobile carriers have steps to report suspicious phishing messages. Customers can also submit potential phishing URLs via the Cyren Website URL Category Checker, VirusTotal and PhishTank.
  • Customers can detect and avoid many phishing attacks by checking the message for spelling errors and other inconsistencies. Check the copyright date in the footer and make sure that the displayed URL is correct.

For more information, read the original story in TechRepublic.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

Russian-linked hackers target U.S. and European water systems

A Russian military-affiliated hacking group, Sandworm, is suspected of coordinating recent cyberattacks on water utilities in the U.S.,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways