Chase phishing scam…if you use chase please read.
I just received an email from firstname.lastname@example.org about recent fraud activity. Here is the actual message:
Right away I was pretty certain that I was staring straight into the eyes of a phishing scam, but I decided to investigate. For one I checked the mail header and am pretty sure that a) chaseonline.com wasn’t a chase domain and b) that yokoi.deviantart.com wasn’t their mail relay for official messages. I went ahead and went to the linked website and it was a perfect copy of the actual chase website. But the dns address was pointing to a homeftp.net…yea not chase. But one other major flag was the lack of https (that s makes a huge difference). Even without all of the other research that I did one should never log into a bank/creditcard site that isn’t secured with a proper ssl cert. Of course if the scamers were good they could have used a self-signed ssl cert…which is where firefox comes in. Firefox will warn you before allowing you to enter any site with an improper ssl cert. Some people think this is a bad thing because self signed ssl certs aren’t necessarily a bad thing. I agree I use them where they are needed, but it is a pretty simple task to allow an exception in firefox, and I would rather know if the website I am going to has a proper cert or not.
I called chase to let them know and made sure that my account was, in fact, safe. But if you have a chase account be warned and don’t trust an email. When in doubt call the number on the back of your card.