New Financial Phishing Attacks Attempt to Play off Fear for Scams

May 18, 2006
Spammer using a 'report the fraud' call-to-action to obtain account holder information
MicroWorld Technologies, an anti-virus and content security company, reports that it is seeing "one of the most bizarre phishing scams to date."

The latest in these phishing scams purports to be from banking company Chase, and rather than take the usual format of claiming that your account is in jeopardy and that you need to log-in and make a change, this one seems to confront phishing directly:

"We want you to be aware of e-mail scams that attempt to steal your personal and/or account information. Known as “phishing”, these scams consist of an email that looks like it came from Chase (Complete with Chase logo) and usually takes an urgent and demanding tone. It is not our practice to send -and you should never respond or reply to- email that: Requires you enter personal information directly into email or submit some other way. Threatens to close or suspend your account if you do not take immediate action by providing personal information……"

According to MicroWorld (we have to rely on them, SIW's staff currently fortunately hasn't receive this one yet), the email then takes the reader to a page where they are supposed to log in (using their account information!) to report a fraud. You got it -- that account information isn't going anywhere but into the phisher's pocket.

In his announcement of the new phishing scam, MicroWorld Technologies' CEO Govind Rammurthy called the spam "a masterpiece design from scam artists," and added that this kind of psychological ploy represents a continual increase in savvy and creative ideas designed to separate an account holder from their personal information.

"This one definitely takes the cake," said Rammurthy. "It’s like hijacking your senses smoothly and completely, to force you to do something really stupid before you know what happened."