Fraud Management & Cybercrime , Fraud Risk Management , Social Engineering

Phishing Campaign Used Chase Fraud Alert as Lure

Mariana Pereira of Darktrace Explains How the Campaign Worked
Mariana Pereira, director of email security products, EMEA, Darktrace

Fraudsters used phishing emails purporting to be a warning from Chase Bank about "unusual activity" on credit cards in an attempt to steal consumers’ account credentials, according to security firm Darktrace.

See Also: OnDemand | Understanding Human Behavior: Tackling Retail's ATO & Fraud Prevention Challenge

The phishing emails contained far more details than most such campaigns, says Mariana Pereira, director of email security products, EMEA, at Darktrace. It’s not clear if the campaign targeting Chase customers, which started in January, is continuing, she tells Information Security Media Group in a video interview.

"The days of tracking email campaigns as we know them may be over,” she says. Phishing emails are now so polymorphic that a campaign doesn’t really have a beginning and an end – with automation, attacks can continue indefinitely with variability, she adds.

Because the attackers continuously added new domains from which they sent the phishing emails, it’s difficult to tabulate how many were sent, Pereira explains.

Avoiding Detection

The fraudsters loaded the emails with legitimate Chase URLs and images, according to Darktrace.

"By padding the email with mostly valid content and links, the attacker attempted to deceive legacy email security tools into perceiving the email as benign," the report states.

But the messages included one typo. "The sender's domain, 'fraudpreventino,' is visually similar to 'fraudprevention' - the domain of the legitimate website - so the look-a-like could be easily misread as legitimate by a user," according to Darktrace.

If a victim clicked on the link in the email, they were led to a fraudulent Chase login screen. Any personal data or information inputted into the fields, such as login credentials, was recorded and harvested by the attackers, the Darktrace report states.

The fraudsters sent messages to a broad range of consumers, hoping to snag those who bank with Chase, according to Darktrace.

"Attackers often leverage well-known brands like Chase to indiscriminately target a large pool of inboxes. They are statistically likely to find a Chase customer without having to go through the effort of actually hacking Chase’s CRM," the report states (see: Zoom-Themed Phishing Campaign Targets Office 365 Credentials).

Additional Clues

The researchers found a number of anomalous links included in the email. There was an inconsistency between the displayed link addresses and the actual destination of the hyperlink. In addition, the domain itself was newly registered, which helped disguise that it was malicious, Darktrace says.

But the email's professional appearance made it difficult to identify it as part of a phishing campaign, Pereira says. Artificial intelligence-based tools can help identify these scams by scrutinizing email from unexpected sources as well as looking for inconsistencies and errors in the message, she adds.

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.