Sunday, January 05, 2020

Chase Fake False Alarm Scam

This is a variation on click on this link email.
This is disguised as an "Is this you?" Monitoring alarm.
It's essentially designed to be a Faked False Alarm with a poison link.

It's the same methodology as the other scams. The window dressing is just different.

It's dressed up as "We're just checking if this login is you. If it is then carry on, no problem." Of course, the login isn't you and you're tempted to click the link to tell them about the "problem." I haven't bothered to click the link, but it's often a nasty php script or other malware. 

Here is what this email looked like:
If you at all care, everything in this email has been falsified. The IP address and the time.

First thing you should notice about the email (besides the odd diction) is the weird Subject line:

"NOTICE AS AT 1/5/2020 6:42:29 PM"

I work with machine monitoring and it Never says: Notice as at ...

Then there's the From line:
The second entry is clearly not Chase Bank. The first one is likely falsified.

And then there's the link:

That "tr" at the end of the URL means Turkey. Again, not at all a Chase Link.

To try to answer the obvious question. No, I don't know who falls for this. What's important is to know that your bank will never do this and beware of links in email. Some of them are legit, but it you're not sure, just visit your bank in the way that you usually do, and don't click on link candy in email.

No comments: