Many people told BleepingComputer that they received the same phishing scam "Security announcement", who tried to steal them credentials of their bank accounts. In particular, one recipient stated that he accepted the scam after it was rejected card of in a online courses market and thought that e-mail sent to him was a legal notice from Chase Bank about scam.
The phishing emails received by the unsuspecting victims claimed that the recipient's Chase account had been blocked after suspicious activity was detected. To "unlock" his account, the recipient was asked to click the button "Reset now" in the email.
When he clicked the button "Reset now", the recipient was redirected to a page asking them to log in to their account Chase. If he entered his login details, they were sent to cybercriminals, who then acquired access to the victim's account.
In addition, the phishing page asked the user to enter additional personal information to verify that they are the account holder. These included: first name, last name, date of birth, social security number, home address and telephone number.
If a cybercriminal gains access to this information, he could use it to theft access other accounts or send further targeted phishing emails.
It is worth noting that fraudulent alerts sent by Chase Bank never ask recipients to enter their personal information or login credentials. Instead, they are only asked to confirm if a transaction was legal by clicking a button in the email sent to them.
Therefore, Chase Bank customers who receive an email asking them to log in or enter their personal information should delete it immediately and call customer service to confirm that they have been contacted.