Chase Spear-phishing Attack
J P Morgan Chase officials are bracing for a massive spear phishing campaign to be launched by cyber thieves who recently broke into the bank’s servers.
The criminals who are thought to be based in either Russia or former Soviet satellite states, hacked into numerous J P Morgan computer servers and accessed contact information such as names and email addresses for over 76 million personal account and approximately seven million small business accounts.
While Chase has indicated that no bank account information was obtained during the June through August breach, it now fears the hackers will institute a wave of attacks directly on bank customers. It is expected that a spear phishing campaign, using and official-looking emails
complete with the bank’s corporate logo, or they could get a phone calls from a fake Chase account executive. The email or caller could, say/tailor an email to the customer with personalized information they downloaded, making is seem like it was legitimate.
The fake bank account executive or emailer will then indicate there is an urgent problem with the customer’s account, and then ask for birthdates, Social Security numbers or passwords. The virtual trap could also be set by the official-looking email asking customers to click on a link embedded in the email to, say, update their account information. However, the link takes the unsuspecting victim to a fake but legitimate-looking website, where the customer is then tricked into listing passwords, bank account numbers, Social Security numbers, user ID’s , access codes, and PIN’s.
– John