New phishing scam exploits JPMorgan Chase victims

By on
New phishing scam exploits JPMorgan Chase victims

Insecurity used as leverage.

A new phishing scam is trying to profit from the fears of 25 million people affected by the data breach revealed last month by global financial services firm JPMorgan Chase.

The scam was highlighted in a 6 January blog post by Sophos senior security advisor Paul Ducklin, who says it shows how “cyber criminals use real security disasters to cause follow-up disasters of their own”.

The fake email targets the 25 million US users of Chase's UCARD debit card. About 465,000 of these people were told by the firm in December that their card data had been stolen, while the rest were left “in a sort of data security limbo”, Ducklin said.

He told SCMagazineUK.com that the new phishing attack exploits that situation. It asks people to provide more information in relation to the data breach and drives them to a credible-looking website.

“People should know about phishing, but this is believable and with the number of people involved they are probably going to hit their target very frequently. Whether by accident or design, this is also perfect timing. This one caught our attention because of the timing and the content.”

Ducklin reminded people of the need to “never log into a website reached by clicking on an email”.

Mike Loginov, chief cyber security strategist for HP ESS, said phishing attacks like the JP Morgan Chase scam are growing increasingly sophisticated in their ability to compromise individuals. He told SCMagazineUK.com: “Cybercriminals are taking phishing attacks to a whole new level by combining pertinent and trusted personal information that makes it even more difficult to spot in a fake email.”

Loginov cited examples of attacks that target high net-worth individuals “initially qualified by the bad guys using compromised credit cards and financial details, and followed with a simple surveillance or research exercise where anecdotal information overheard in a private conversation is utilised as part of the scam”.

The JPMorgan Chase data breach took place last July, but the firm only realised it had happened in September, and then notified people two to three months after that.

Companies use UCARD to pay salaries and US government agencies use it to issue tax refunds and benefits.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
jpmorgan chase phishing security
In Partnership With

Most Read Articles

Ban Chrome as default browser, limit Facebook user data harvesting: ACCC crackdown

Ban Chrome as default browser, limit Facebook user data harvesting: ACCC crackdown
Microsoft patches exploited new Windows zero-day

Microsoft patches exploited new Windows zero-day
NBN Co reveals 58 percent of HFC network still unserviceable

NBN Co reveals 58 percent of HFC network still unserviceable
NBN Co technicians missed 430 appointments a day

NBN Co technicians missed 430 appointments a day
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Automate and secure IOT for Business
Automate and secure IOT for Business
Data Science and AI Solutions for Cybersecurity
Data Science and AI Solutions for Cybersecurity
Intro to AI for Security Professionals
Intro to AI for Security Professionals
Digital Transformation: Hope, or Hype?
Digital Transformation: Hope, or Hype?
How to choose a trusted IT provider
How to choose a trusted IT provider

Events

Log In

Username / Email:
Password:
  |  Forgot your password?