You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

We Detected Unusual Sign In Activity

What do you do when you get an email with this subject line?

You've seen these emails before. It's alarming, right??

With all the headlines today about data leaks and ransom threats, protecting your account is wildly important. And very concerning when there's a hint of a risk to that security.

Real-World Phishing Campaign (note the sender email address)

Not shockingly, hackers know it!

They're using this exact strategy with a fraudulent Chase bank Phishing campaign. These emails tell you that your account has had unusual sign-in activity, or they'll deliver you a fake credit card statement. Either way, they include a malicious link to a spoofed Chase bank login page.

And what do they do with that fake login page?

You're probably already getting it by now - but this is when they harvest your login password. They do this completely unbeknownst to the user.

"Verify Account" takes you to a spoofed Chase bank site

Spam filters play a key role in removing this kind of malicious activity, but hackers continually develop new tricks to evade filters. This email is a great example. It has made it through Microsoft's own filters with a low enough Spam Confidence Level that it didn't flash any warnings to users.

This email earned a Spam Confidence Level of -1 from Microsoft Exchange Online Protection and Microsoft Defender for Office 365, so it was able to reach the inboxes of users without any warning signs.

Cybercrime has become wildly lucrative. This means the hackers themselves will only keep getting better.

So what do we do about emails like these?

You can get very tricky about it, inspecting the email - its wording, content, sender, header, etc.

The quickest and most memorable way - just go to your browser and type in the bank's url! If it's a legitimate email, you'll notice the alert right away on the bank's website. And if not, you know you dodged a bullet!

Yes, this means you don't click the link, so it takes an extra 1.5 seconds. Those are 1.5 seconds well-invested in keeping your life secure from hackers.

Are you ready to take action?
We make it easy to Train your team to avoid Phishing scams just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

Start with a quick quote - hit us up here! (Don't worry - it's easy peasy!)

Thanks to TechRepublic for great reporting on this one!
[https://www.techrepublic.com/article/phishing-attacks-target-chase-bank-customers/]

Joel Cahill

Cyber security enthusiast. Entrepreneur.