New phishing scam exploits JPMorgan Chase victims

By on
New phishing scam exploits JPMorgan Chase victims

Insecurity used as leverage.

A new phishing scam is trying to profit from the fears of 25 million people affected by the data breach revealed last month by global financial services firm JPMorgan Chase.

The scam was highlighted in a 6 January blog post by Sophos senior security advisor Paul Ducklin, who says it shows how “cyber criminals use real security disasters to cause follow-up disasters of their own”.

The fake email targets the 25 million US users of Chase's UCARD debit card. About 465,000 of these people were told by the firm in December that their card data had been stolen, while the rest were left “in a sort of data security limbo”, Ducklin said.

He told SCMagazineUK.com that the new phishing attack exploits that situation. It asks people to provide more information in relation to the data breach and drives them to a credible-looking website.

“People should know about phishing, but this is believable and with the number of people involved they are probably going to hit their target very frequently. Whether by accident or design, this is also perfect timing. This one caught our attention because of the timing and the content.”

Ducklin reminded people of the need to “never log into a website reached by clicking on an email”.

Mike Loginov, chief cyber security strategist for HP ESS, said phishing attacks like the JP Morgan Chase scam are growing increasingly sophisticated in their ability to compromise individuals. He told SCMagazineUK.com: “Cybercriminals are taking phishing attacks to a whole new level by combining pertinent and trusted personal information that makes it even more difficult to spot in a fake email.”

Loginov cited examples of attacks that target high net-worth individuals “initially qualified by the bad guys using compromised credit cards and financial details, and followed with a simple surveillance or research exercise where anecdotal information overheard in a private conversation is utilised as part of the scam”.

The JPMorgan Chase data breach took place last July, but the firm only realised it had happened in September, and then notified people two to three months after that.

Companies use UCARD to pay salaries and US government agencies use it to issue tax refunds and benefits.

Copyright © SC Magazine, UK edition
Tags:
jpmorgan chase phishing security
In Partnership With

Most Read Articles

NBN Co to create a class war on its network

NBN Co to create a class war on its network
NBN Co leaves fresh batch of FTTC converts until last

NBN Co leaves fresh batch of FTTC converts until last
Google overhauls Gmail to compete with Outlook

Google overhauls Gmail to compete with Outlook
NBN Co accused of using Sky Muster as 'dumping ground'

NBN Co accused of using Sky Muster as 'dumping ground'
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report
The business case for hyperconvergence
The business case for hyperconvergence
What Every CIO Should Know about DevOps & Container Guides by Puppet
What Every CIO Should Know about DevOps & Container Guides by Puppet
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators

Events

Log In

Username / Email:
Password:
  |  Forgot your password?