What is Phishing, Facts You Should Know


How can I identify a phishing web site?
If you receive an email (or instant message) from someone you don't know directing you to sign in to a web site, be careful! You may have received a phishing email with links to a phishing web site. A phishing web site (sometimes called a "spoofed" site) tries to steal your account password or other confidential information by tricking you into believing you're on a legitimate web site. You can even land on a phishing site by mistyping a URL (web address).

Is that web site legitimate? Don't be fooled by a site that looks real. It's easy for phishers to create web sites that look like the genuine article, complete with the logos and other graphics of a trusted web site.
Important: If you're at all unsure about a web site, do not sign in. The safest thing to do is to close and then reopen your browser, and then type the URL into your browser's Address bar. Typing the correct URL is the best way to be sure you're not redirected to a spoofed site.
Phishers are becoming more and more sophisticated in designing their phony web sites. There's no surefire way to know if you're on a phishing site, but here are some hints that can help you distinguish a real web site from a phishing site.

Check the web address

Just because the address looks OK, don't assume you're on a legitimate site. Look in your browser's Address bar for these signs that you may be on a phishing site:
  • Incorrect company name. Often the web address of a phishing site looks correct, but actually contains a common misspelling of the company name or a character or symbol before or after the company name. Look out for tricks such as substituting the number "1" for the letter "l" in a web address (for example, www.paypa1.com instead of www.paypal.com).
  • http:// at the start of the address on Yahoo! sign-in pages. Check the web site address for any Yahoo! sign-in page. A legitimate Yahoo! sign-in page address starts with "https://." Look for the letter "s" following "http."
  • Missing slash. To verify that you're on a legitimate Yahoo! site, make sure a forward slash (" / ") appears after "yahoo.com" in the Address bar -- like these examples:

For example, "http://www.yahoo.com:login&mode=secure" is a fake web site address.
Important: A legitimate Yahoo! sign-in page never starts with "http://geocities.yahoo.com." If you land on a GeoCities page with a Yahoo! sign-in box, report it as a phishing web site immediately.
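The three address-bar checks above can also be applied mechanically, for instance when triaging links from reported messages. The sketch below is an added example, not part of the original page or of any Yahoo! tool; the function name `check_sign_in_url`, the digit-swap table and the sample addresses are assumptions made for illustration.

```python
import re

# Constructed table of digit-for-letter swaps, like the "1" for "l" trick above.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
# A plain host name: labels of letters, digits and hyphens joined by dots.
HOSTNAME = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def check_sign_in_url(url, trusted_domain):
    """Return a list of warnings for a sign-in page address (hypothetical helper)."""
    warnings = []
    scheme, sep, rest = url.strip().partition("://")
    if not sep:
        return ["not an absolute web address"]
    if scheme.lower() != "https":
        warnings.append("address does not start with https://")

    # Everything before the first "/" names the site being contacted.
    authority, slash, _ = rest.partition("/")
    authority = authority.lower()
    if not slash:
        warnings.append("no forward slash after the site name")
    if not HOSTNAME.match(authority):
        warnings.append("unexpected characters before the first slash")
        # Keep only the leading host-like part for the name comparison.
        authority = re.match(r"[a-z0-9.-]*", authority).group(0)

    host = authority.strip(".")
    trusted = trusted_domain.lower()
    if host == trusted or host.endswith("." + trusted):
        return warnings

    # Compare the host's last labels with the trusted name after undoing
    # digit swaps, so "paypa1.com" is reported as a look-alike of "paypal.com".
    n = trusted.count(".") + 1
    tail = ".".join(host.split(".")[-n:])
    if tail.translate(LOOKALIKES) == trusted.translate(LOOKALIKES):
        warnings.append("look-alike of " + trusted + ": " + tail)
    else:
        warnings.append("site is not " + trusted)
    return warnings


if __name__ == "__main__":
    # Constructed sample addresses; the second and third are quoted on this page.
    for sample, trusted in [("https://login.yahoo.com/config/login", "yahoo.com"),
                            ("http://www.yahoo.com:login&mode=secure", "yahoo.com"),
                            ("http://www.paypa1.com/", "paypal.com")]:
        print(sample, "->", check_sign_in_url(sample, trusted) or "no warnings")
```

An empty result only means none of these three signs was found; as the page says, there is no surefire way to know a site is genuine.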

Be leery of pop-ups

Be careful if you're sent to a web site that first displays a pop-up window asking you to enter your user name and password. Phishing scams may direct you to a legitimate web site, but then use a pop-up to gain your account information.

Give a fake password

If you're not sure if a site is authentic, don't use your real password to sign in. If you enter a fake password and appear to be signed in, you're likely on a phishing site. Do not enter any more information; close your browser. Keep in mind, though, that some phishing sites automatically display an error message regardless of the password you enter. So, just because your fake password is rejected, don't assume the site is legitimate.

Look for your sign-in seal when you sign in to Yahoo!

A sign-in seal is a secret message or image that you select to display in your Yahoo! sign-in box to help protect your account from phishers. Because the sign-in seal is secret between your computer and Yahoo!, you can be sure you're on a legitimate Yahoo! site each time you use that computer to sign in to Yahoo!. Just look for the custom text or image you set up. If it's not there, you might have landed on a phishing site. Creating a sign-in seal is fast and easy.


Other web sites, such as those for banks and other financial institutions, may offer a similar feature to help protect you against phishing scams.

Use a web browser with anti-phishing detection

Both Internet Explorer and Mozilla Firefox web browsers have free add-ons (or "plug-ins") that can help you detect phishing sites.

Be wary of other methods to identify a legitimate site

Some methods used to indicate a safe site can't always be trusted. A small unbroken key or locked padlock at the bottom of your browser is not a reliable indicator of a legitimate web site. Just because there's a key or lock and the security certificate looks authentic, don't assume the site is legitimate.
I learned to not trust URLs that look real. They may look like the real website. However, they are fake.

 Phishing Example #1 
http://secmetrix.com/ch4/web8/ch4-chase.gif


New Phishing E-mail Example #2
From: no_reply@emailonline.chase.com
Subject: Account Status

Dear Chase OnlineSM Customer,
Due to recent activity on your account, we have issued the following security requirements. For your security, we have temporarily prevented access to your account. Chase safeguards your account when there is a possibility that someone other than you tried to sign on. You may be getting this message because you signed in from a different location or device. If this is the case, your access may be restored when you return to your normal sign on method. For immediate access, you are required to follow the intruction below to confirm your account in order to secure your personal account informations.

Click To Confirm Your Account

Regards,Carter Franke
Chief Marketing Officer
CardMember Services 

New Phishing E-mail Example #3

Subject: Security Check From Chase
From: Chase@emailinfo.chase.com
Date: Mon, 17 Jan 2011 16:43:56 -0500

Dear Valued JPMorgan Chase Customer,

Due to a recent security check on JPMorgan Chase online banking on 15th We require you to confirm your details and Re-activate your account

Re-activate now
Failure to do this within 24hrs will lead to access suspension
Sorry for the inconvienence

Regards
JPMorgan Chase Online Banking
Issued for USA use only | JPMorgan Chase Bank plc 2011

New Phishing E-mail Example #4

From: Chase Online
Sent: Mon, Jan 17, 2011 4:34 am
Subject: Account Maintenance

Dear client,
This is your official notification that the service(s) listed below will be deactivated and deleted if your profile is not verified immediately.
SERVICE: Chase Online and Bill Pay services.
EXPIRATION: January 20, 2011
What you need to do:

1. Log in to your account at www.Chase.com, by clicking the URL.
2. Enter your user ID and Password (that you selected during the online enrollment process).

Please do not reply to this message. For questions, please call Customer Service at the number on the back of your card. We are available 24 hours a day, 7 days a week.

Sincerely,

Carter Franke
Chief Marketing Officer 

New Phishing E-mail Example #5

From: Chase Online
Subject: Message Alerts : Online Banking Deactivated
To:
Date: Monday, January 17, 2011, 2:36 PM

Chase Bank Online® Department Notice
You have received this email because you or someone had used your account from different locations.
For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your banking details.
To help speed up this process, please access the following link so we can complete the verification of your Chase Online® Banking Account registration information :
To get started, please click the link below:
https://chaseonline.chase.com/chaseonline/logon/sso_logon.jsp
Please Note:
If we do no receive the appropriate account verification within 48 hours, then we will assume this Chase Bank account is fraudulent and will be suspended. The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community.

Regards,
Chase Bank - Chase Online® Banking Department 

New Text Message Example #6

SMS Text Message from: jpmorgan@mail.tmail.com//Jpmorgan prepaid alert. call 212-924-4441

Please note the description provided is an indicator of the type of message, but may vary slightly in content and telephone number.


Security Advice
Fraudulent E-mail Examples
The following are examples of e-mail that customers have reported receiving. Please remember these are not legitimate messages and should not be responded to.

Reminder: Chase will never ask for your PIN or password over the telephone, by text message or by e-mail.

PLEASE NOTE: In addition to e-mail, criminals are now using pop-up windows to request your confidential information. See Phishing Example #1 above.