A warning was sent to Chase Bank customers regarding a newly discovered phishing attack that threatened to harvest numerous credentials. A researcher revealed how the threat actors used the fraudulent website to deceive the banking institutions’ clients.
Based on the analysis, the malicious phishing operators attempted to harvest different credentials by designing a phishing site identical to the authentic Chase Bank login page. The adversaries organised this website to give them access to the users’ account that allows them to use the funds.
The attackers have also decided to offer the stolen credentials on the dark web and underground marketplaces.
Hackers relied on faulty Chase Bank domains to fool unaware users.
Based on another analysis, the threat actors often exploited keywords that correspond to Chase Bank search results to endorse their domain at the top of every search result in every browser.
The hackers then utilise these domains to bait the clients into their phishing websites. Therefore, it is essential for users to carefully check the details of a website before entering since most fraudulent can easily compromise an account after access.
Experts also advise everyone to verify the website by checking the URL and if there are typos on its pages.
Furthermore, not all anti-virus or security solutions can have a perfect defence against these attacks. Hence, users should rely upon their ability to identify faulty web pages or compromised domains.
A security team proved this assumption by testing a hundred AV solutions, and only a dozen could spot the phishing campaign.
The researchers then expressed their gratitude for taking the time to listen to their advisory since the current phishing attack poses a massive threat to every client. They also encourage everyone to contact their respective banks whenever they encounter phishing attempts since it can help design countermeasures for future use.
The Chase Bank cybersecurity support team is active on social media platforms, especially Twitter. Their clients are urged to contact their team to help mitigate any potential campaign effects.