Chase Bank Phishing About To Void Exchange Email Security


Two phishing scams targeting Chase Bank have surfaced. Both have been seen to evade security protections and to spoof realistic account scenarios in order to fool victims.

The threat actors impersonate Chase Bank in two phishing techniques that can bypass Microsoft Exchange security. In both methods, the attackers are able to steal the victim’s credentials.

Researchers at Armorblox recently discovered the phishing attacks. One of the two claims to carry a credit card statement. The other informs users that online access to their accounts has been restricted due to unusual login activity, a post on the Armorblox blog said on Tuesday.

The first set of emails was sent to 9,000 users’ inboxes in an Armorblox customer environment. The other set reached 8,000 users’ inboxes, Preet Kumar, senior manager of customer success at Armorblox, wrote in the post.

Both phishing attacks managed to bypass two Microsoft Exchange security protections, namely Microsoft Defender for Office 365 (MSDO) and Exchange Online Protection (EOP), and made their way to customers’ inboxes, she mentioned.

“These email attacks employed a gamut of techniques to get past traditional email security filters and pass the eye tests of unsuspecting end users,” Kumar wrote.

In the first instance, the malicious actors sent an email titled “Your Credit Card Statement Is Ready” bearing the sender name “JP Morgan Chase”. The report states that the emails contained HTML styling resembling that of genuine emails sent by Chase Bank. The emails also included links urging victims to check their statements and make payments.

“Microsoft assigned a Spam Confidence Level (SCL) of ‘-1’ to the email, which meant it skipped spam filtering because Microsoft determined that the email was from a safe sender, to a safe recipient, or was from an email source server on the ‘IP Allow’ list,” Kumar wrote in the report.

The links in the emails direct potential victims to a phishing website that resembles the Chase Bank login portal and asks for the users’ banking account credentials, she further mentions. The researchers assume that the URL for the phishing page was likely purchased from and hosted by NameSilo, a hosting service provider that also offers SSL and email solutions to its customers.

“Services like this are beneficial for millions of people around the world, but unfortunately also lower the bar for cybercriminals looking to launch successful phishing attacks,” Kumar observed.

The other phishing attack begins with an email titled “URGENT: Unusual Sign-in Activity” that claims to come from “Chase Bank Customer Care”, Kumar mentions.

The email contained a link that claimed to let the bank’s customers verify their account and restore the lost access. This phishing method uses the common tactic of setting different “reply-to” and “from” addresses.

As with the other email, a click on the provided link leads users to a phishing page that attempts to get them to enter their credentials, the post clarified. In this case, however, the page was already inactive by the time researchers found it and investigated the campaign, the researchers said.

Kumar noted that the account verification email also got past the Exchange detections and was deemed safe, with a rating of “1” in the Spam Confidence Level.

The post also outlined some clear telltale signs of both email variants and what victims should do if they receive one:

  • The previously mentioned use of different “from” and “reply-to” addresses.
  • The use of a page that looks like a legitimate Chase Bank page but has a URL that does not match the company’s website name.
  • A security theme that requires the recipient to take secondary actions and fill in personal security details.
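
The telltale signs above can be checked mechanically on a raw message. The following is an added example, not code from Armorblox or the original article; the brand keyword, the `chase.com` allow-list, the `X-MS-Exchange-Organization-SCL` header name and the sample message are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND_WORDS = ("chase",)        # assumption: brand keyword to watch for in sender names
BRAND_DOMAINS = ("chase.com",)  # assumption: domains the brand legitimately uses

# Constructed sample message (not taken from the campaign described in the article).
PHISH = """From: "Chase Bank Customer Care" <alerts@mailer.example>
Reply-To: help@recovery.example
Subject: Account notice
X-MS-Exchange-Organization-SCL: -1
Content-Type: text/html

<a href="https://secure-login.example/verify">Verify your account</a>
"""

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def _is_brand(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def telltales(raw):
    """Return the telltale signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    claims_brand = any(w in name.lower() for w in BRAND_WORDS)
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    hosts = {urlparse(u).hostname for u in re.findall(r'href="(https?://[^"]+)"', body)}
    found = []
    if claims_brand and not _is_brand(_domain(from_addr)):
        found.append("display-name-impersonation")
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        found.append("from-replyto-mismatch")
    if claims_brand and any(not _is_brand(h) for h in hosts):
        found.append("link-off-brand-domain")
    # SCL -1 means spam filtering was skipped, so suspicious mail was never scored.
    scl = (msg.get("X-MS-Exchange-Organization-SCL") or "").strip()
    if found and scl == "-1":
        found.append("spam-filter-skipped")
    return found
```

Calling `telltales(PHISH)` returns all four signs; a message whose sender, reply address and links all sit on the brand's own domain returns an empty list.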

“Since we get so many emails from service providers, our brains have been trained to quickly execute on their requested actions,” Kumar wrote. “It’s much easier said than done, but engage with these emails in a rational and methodical manner whenever possible.”

This is, however, not the first time that Chase Bank customers have been targeted with phishing links or emails, and it will not be the last.

Source: Threatpost
