Graham Cluley’s blog

The organised cybercrime gang responsible for the fake anti-virus scareware campaign I blogged about yesterday, are now turning their hands to phishing.

Emails, claiming to be directed at credit card customers of the Chase bank, actually point to a domain name which was being used yesterday to spread bogus anti-virus software.

Part of the phishing email reads as follows:

Important Information Regarding Your Chase Credit Card

Dear Chase Client ,

This is your official notification that the service(s) listed below
will be deactivated and deleted if not renewed immediately.
Previous notifications have been sent to the Billing Contact assigned to
this account.
As the Primary Contact, you must renew the service(s) listed below.

SERVICE: CHASE CREDIT CARD
Expiration: December 04 , 2008

If you visit the embedded link in the email you are taken to a cloned version of the Chase login page - with any login information you enter being put straight into the hands of the gang.

We've been saying for some time now that one of the dangers of purchasing fake anti-virus software is that you aren't just buying a bogus product sold through unethical marketing methods, but also that you're endangering your bank account by handing the criminals your credit card details. Well, here's the truth that they are prepared to use any means necessary to grab your confidential bank information.

Posted on December 6th, 2008 by Graham Cluley, Sophos
Filed under: Banking, Scam, Spam

                                         

Windows 7 security - A great leap forward or business as usual?

Related posts

• Police arrest suspected banking Trojan gang
• Massive German banking data leak reported
• Are your bank details being sold on eBay?
• Busted! Wardriving gang suspected of TJ Maxx data breach charged
• Jail for gang who attempted £229m bank robbery