Forward the email to abuse@chase.com.
NOTE: I have added an Update below.
============================================
Chase Bank : Your Online Banking Profile Has Been Changed
Tuesday, September 7, 2010 9:41 PM
From: "Chase Bank Alert" Add sender to Contacts
To: undisclosed-recipients
Dear Customer,
Due to the high number of fraud attempts and phishing scams, it has been decided to implement EV SSL Certification on this Internet Banking website.
The use of EV SSL certification works with high security Web browsers to clearly identify whether the site belongs to the company or is another site imitating that company's site.
It has been introduced to protect our clients against phishing and other online fraudulent activities. Since most Internet related crimes rely on false identity, Chase Bank went through a rigorous validation process that meets the Extended Validation guidelines.
Please Update your account to the new EV SSL certification by Please enter your Chase Bank Online ID and then update form."/ font"
(Failure to verify account details correctly will lead to account suspension)
Thank you.
Account Customer Service
==========================================================
UPDATE: I received a comment from someone who works for Verisign's Extended Validation SSL program. Read his comment below. He basically states that the consumer has to do absolutely nothing to take advantage of EV SSL certification. All you need to do is to make sure that your browser is updated to the latest version.
The EV SSL technology turns the URL bar green (or you see a green padlock) when you are on an encrypted page. It is designed to prevent phishing attacks. So, if the site you are on has the EV SSL and the green URL bar disappears or padlock is not green, it may indicate a fake site or phishing site. Take it as a WARNING and investigate before providing any information to the site.
If any email tells you that you have to click on this or that to verify your information, it is very well a phishing site. Be careful out there!
I received two phishing emails in August that "appeared" to come from Bank of America in reference to a call I made and they had the date of the call! That really gave me the creeps, in addition to the fact that BofA does not have that particular email address of mine and there is no way BofA would have it. Of course, I forwarded those to abuse@bankofamerica.com.
To due dilligence on the net,
Mary
Hi, I work for VeriSign's Extended Validation SSL evangelism department and caught this. Boy...this is quite unfortunate, not only because it's a clever phishing attempt that some have fallen for, but also because the association with EV SSL might confuse people about the technology.
ReplyDeleteJust so everyone knows, EV SSL is a real technology that turns the url bar green (or gives it a green padlock in certain browsers) whenever your browser is directed towards an encrypted page. Without getting too high-tech, it's designed to prevent phishing attacks, because if the site you're on has EV SSL and all of a sudden the green url bar disappears, you should take it as a warning that you may have been navigated to a fake or phishing website (so you should do some investigating before giving the site any of your private info should this happen).
Sites also need to undergo a rigorous background check to get an EV SSL cert - we want to make sure they are who they say they are.
The consumer, though, does not have to do ANYTHING expect update their browser to the latest version so that the green url bar shows. Any site claiming that you have to do anything more is a phishing site and should be ignored.
Thanks for your diligence and your savvy, Mary!