14 DAY TRIAL // With the holiday season quickly approaching and individuals making a lot of online transactions, cyber fraudsters pull out their old tricks from the closet and begin targeting once again the unsuspecting clients of financial institutions.
Chase and Barclays customers take the spotlight in the latest series of phishing scams discovered by GFI researchers.
Chase Bank clients are presented with a legitimate looking email that bares a link pointing to a well-designed phishing site that replicates the bank’s log-in page. After they provide the credentials, they are taken to another webpage that asks for even more sensitive details.
In the other series of emails, the ones that target Barclays customers, the recipients are warned that their accounts are suspended after someone made too many incorrect attempts to log-in.
The attached file unveils a cleverly designed form that requests tons of private data to allegedly reactivate the account. The crooks even warn that there is a time limit for the activation of the account to make sure the victims won’t hesitate in providing the valuable information.
Surname, membership number, passcode, memorable word, cardholder name, date of birth, mother’s maiden name, account number, card number, telephone passcode, CVV, and location related information are more than enough for the fraudsters to take over a bank account and make their holiday shopping.
After the information is provided, the user is redirected to the official website of Barclays, probably to make sure he won’t suspect anything until the crooks make away with the loot.
Internauts who are presented with these emails, or similar ones, are advised to delete them immediately and if there is any suspicion that the notification is legitimate, contact the financial institution involved using the contact details offered on their site, instead of using the information that may be contained in the email.