New phishing scam exploits JPMorgan Chase victims

By on
New phishing scam exploits JPMorgan Chase victims

Insecurity used as leverage.

A new phishing scam is trying to profit from the fears of 25 million people affected by the data breach revealed last month by global financial services firm JPMorgan Chase.

The scam was highlighted in a 6 January blog post by Sophos senior security advisor Paul Ducklin, who says it shows how “cyber criminals use real security disasters to cause follow-up disasters of their own”.

The fake email targets the 25 million US users of Chase's UCARD debit card. About 465,000 of these people were told by the firm in December that their card data had been stolen, while the rest were left “in a sort of data security limbo”, Ducklin said.

He told SCMagazineUK.com that the new phishing attack exploits that situation. It asks people to provide more information in relation to the data breach and drives them to a credible-looking website.

“People should know about phishing, but this is believable and with the number of people involved they are probably going to hit their target very frequently. Whether by accident or design, this is also perfect timing. This one caught our attention because of the timing and the content.”

Ducklin reminded people of the need to “never log into a website reached by clicking on an email”.

Mike Loginov, chief cyber security strategist for HP ESS, said phishing attacks like the JP Morgan Chase scam are growing increasingly sophisticated in their ability to compromise individuals. He told SCMagazineUK.com: “Cybercriminals are taking phishing attacks to a whole new level by combining pertinent and trusted personal information that makes it even more difficult to spot in a fake email.”

Loginov cited examples of attacks that target high net-worth individuals “initially qualified by the bad guys using compromised credit cards and financial details, and followed with a simple surveillance or research exercise where anecdotal information overheard in a private conversation is utilised as part of the scam”.

The JPMorgan Chase data breach took place last July, but the firm only realised it had happened in September, and then notified people two to three months after that.

Companies use UCARD to pay salaries and US government agencies use it to issue tax refunds and benefits.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
jpmorgan chase phishing security
In Partnership With

Most Read Articles

Service NSW turfs Windows OS for Chrome

Service NSW turfs Windows OS for Chrome
TPG files proposals for almost one third of 4G network

TPG files proposals for almost one third of 4G network
Telstra starts publishing 'average' NBN speeds

Telstra starts publishing 'average' NBN speeds
TPG joins Telstra in showing NBN fixed wireless speeds

TPG joins Telstra in showing NBN fixed wireless speeds
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report
The business case for hyperconvergence
The business case for hyperconvergence
What Every CIO Should Know about DevOps & Container Guides by Puppet
What Every CIO Should Know about DevOps & Container Guides by Puppet
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators

Events

Log In

Username / Email:
Password:
  |  Forgot your password?