Chase Bank Phishing Scam Asks Customers to Upload Selfies
A new phishing scam targeting Chase bank customers asks them to upload a selfie in addition to their personal information.
According to reports, this new phishing scam targeting Chase bank customers asks them to share their personal information and also demands that they upload a selfie. BleepingComputer.com reports, “A new phishing scam targeting Chase bank customers has been discovered that not only asks you for your personal information, but also requests that you upload a selfie of yourself holding your ID or driver license.”
This new phishing scam was discovered by the MalwareHunterTeam. Lawrence Abrams, the creator and owner of BleepingComputer.com, writes, “Phishing scams have become so common that they tend to become a blur. That is until one does something a bit different and makes it stand out from the pack… Such is the case with a new Chase bank phishing site discovered by MalwareHunterTeam that starts out like all the rest, but then rolls out an extra trick at the end.”
As part of the phishing scam, customers land on a page that looks exactly like the bank’s webpage, complete with a login form that supposedly takes them to their online account. When a customer attempts to log in, however, it appears that something is wrong. A “Verify your account” page is shown, which says: “You cannot access all your Chase advantages, due to account limited. To restore your account, please click Continue to update your information”. Below this message is a ‘Continue to Chase’ button. Clicking it takes the customer through a series of pages that ask for personal data, starting with email address and password. The pages also ask for name, address, date of birth, phone number, card number, card PIN, CVV, social security number etc. If the customer fills in all of these details, the website then asks the customer to confirm their identity by uploading a selfie. The selfie must also show the customer’s ID, either a driver’s license or an ID card, and the customer is asked to upload both sides of the ID card. By duping customers in this way, the scammers can obtain all the personal data they need for any kind of identity theft or online fraud.
However, one look at the URL is enough for an attentive customer to realize it’s a scam. In any case, no bank ever asks for data like ATM PIN, CVV etc. for verification. The phishing website uses the URL chasexxxx.ddns.net, which makes it obvious that it’s not a Chase address. The ‘Date of Birth’ field on the phishing page is also misspelled as “Date Of Britch”, which makes it very obvious that it’s a phishing website.
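The URL check described above can be automated for triaging reported links. The following is an added example, not code from the original report; the allow-list, the keyword list, the extra dynamic DNS suffixes and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: chase.com is the only domain treated as the bank's own here.
LEGIT_DOMAINS = {"chase.com"}
BRAND_KEYWORDS = {"chase"}
# ddns.net is the suffix named in the article; the other entries are illustrative.
DYNAMIC_DNS_SUFFIXES = {"ddns.net", "duckdns.org", "dyndns.org"}


def _is_under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_url(url):
    """Return (verdict, reasons) for a link a customer was asked to open."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    if not host:
        return "suspicious", ["no hostname in URL"]
    if any(_is_under(host, d) for d in LEGIT_DOMAINS):
        return "legitimate", []
    reasons = []
    # Text before "@" is userinfo, not the site; the browser connects to `host`.
    userinfo = (parts.username or "").lower()
    if any(k in userinfo for k in BRAND_KEYWORDS):
        reasons.append("brand name appears only in userinfo")
    # Substring match is a triage heuristic: it favours recall and can
    # false-positive on unrelated words that contain the keyword.
    if any(k in host for k in BRAND_KEYWORDS):
        reasons.append("brand name in a host outside the bank's domain")
    if any(_is_under(host, s) for s in DYNAMIC_DNS_SUFFIXES):
        reasons.append("host is on a dynamic DNS service")
    return ("suspicious" if reasons else "unrelated"), reasons


# Constructed sample links; the second uses the redacted host from the article.
SAMPLE_URLS = [
    "https://www.chase.com/login",
    "http://chasexxxx.ddns.net/verify",
    "https://chase.com@example.net/",
    "https://chase.com.example.net/",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, classify_url(sample))
```
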
Lawrence Abrams, in his BleepingComputer.com report, notes that asking a person to upload a selfie while holding an ID card is not a common request on phishing websites. He adds, “It is, though, a common request to upload selfies or use selfie ID verification when creating accounts or withdrawing funds at sites where you transfer money, purchase or trade cryptocurrency, or gamble. Therefore, it’s possible this request is being done to create new accounts under a victim’s name or try and access a victim’s online cryptocurrency accounts.”
Source: https://securityboulevard.com/2019/04/how-to-protect-wordpress-websites-from-sql-injection/