14 DAY TRIAL // Emails pretending to come from Chase Online are currently hitting the inboxes of unsuspecting users, informing them that the financial institution took the decision to block access to their accounts because of irregular activity.
This is one of the oldest tricks in the book, but given recent news about JP Morgan Chase being affected by a cyber-attack, it could make plenty of victims.
In order to sort out the problem, the potential victim is required to log into the banking account and complete a verification process. The log-in website is a fake one impersonating the one from the bank, and all the information entered in the provided fields is automatically sent to the crooks.
An analysis from MillerSmiles shows that the server hosting the fraudulent page is located in Santiago, Chile, while the URL has nothing to do with the financial institution JP Morgan Chase, although the message appears to be from them.
The general lifespan of phishing websites is quite short as the malicious attempt is quickly picked up through automated systems monitoring emails and the threats they may carry.
However, even if the fake websites are online for just a few hours, chances are that some users have fallen into the trap and their banking credentials have been stolen. A good way to prevent this is to enable two-factor authentication, if available, and to access links in unsolicited emails by manually typing in the browser the address for the service they purport to come from.