- I'm not a member of Chase bank.
- A bank will NEVER ask you to ReActivate through an email..
- The Signature at the bottom looks like it was copy and pasted onto the email.
- Pay close attention to WHO sent the email. At first glance it looks like it comes from "firstname.lastname@example.org" but it actually sent from "109505-www1.qoodos.com". Google provides a nice explanation of what 'via' stands for: http://support.google.com/mail/bin/answer.py?hl=en&ctx=mail&answer=1311182
- When HOVERING OVER THE "Chase Online" link, it links to something COMPLETELY different than chase bank.. (hXXp://www.jenniferbain.com/images/index/links_images/login.php)
- Verbiage - Look for misspellings and strange grammar.
- Overall look and feel - Does the request look strange?? Are they asking you to do something you don't feel comfortable doing?? Like changing your password or providing account #'s/information? If AT ALL suspicious, contact your bank directly using phone number from your account statements. DO NOT rely on any information from the 'suspicious' email (phone #s, email addresses, links, etc)
- Links: DO NOT CLICK ANY LINKS or RESPOND to the email Notice where the LINKS actually point (WITHOUT CLICKING ON THEM!) (hover over the link and depending on your browser it will display the link/path/url at the bottom, if not, just hover over the link and right click (select copy link location), paste the link into wordpad or the google search bar)
When I enter the URL in the browser a few things happen:
1. The Firefox Browser I am using was nice enough to tell me this has been reported as a 'bad' site. I skip the message to show what the site looks like.
2. The site appears and shows a site EXACTLY like the 'real' chase bank site.
Notice the following in the video.
The URL on the site is NOT related to Chase Bank (one strike)
The page is being served over HTTP NOT HTTPS, any banking site will be using HTTPS for anything related to login and account information. (second strike)
Everything looks identical to the chase bank site. When I hover 'over' the log on icon/button notice it is 'calling' a php file from the server. This tells me the login is storing data on the malicious server. (strike 3). So behind the scenes you enter your UserID and Password into this page it will save this information and either sell it on the black market or try and use this information to login to your account and do some bad things to your $$.
All other links on the page are redirected to the 'official' Chase Bank Page.
Be safe out there. DO NOT click on links in emails, documents, or IM without vetting them properly.