Another "Chase" phishing attempt...

[K Frame]

This one offeres a "reward" of $20 if you log in and fill out a customer satisfaction survey.

Unlike the one earlier this week, which resolved to a Chase-like address, this one isn't even close.

Nice twist on the theme, though.

[K Frame]

Hey, this IS a new twist!

This is the URL that the above phishing attemp resolves to... http://www.ceimaitari.com/

If you enter it, it looks like a real company, but at a deeper glance, it really looks to be a fake company that's simply a cover for the spoof.

[Guest]

I have been getting a lot of Chase scam mails too. Funny thing, they started coming within days of my registration to the Chase site. Methinks that maybe they should be a little mroe carefull with who they sell their customer information to.

[K Frame]

I've been with Chase about 2 years now, and this is the first time I've gotten anything supposedly from them.

I get very similar e-mails "from" financial institutions with which I have absolutely no association.

I'm not so sure it's Chase selling their stuff as much as coincidence.

[cordex]

Just curious ... any of you find your emails in this file?
http://www.ceimaitari.com/chase/bank.txt

Alternatively, if you're getting these at a yahoo account, might be archived in here:
http://www.ceimaitari.com/chase/yahoo.rar

Interesting that they've got their lists accessable like that.

That front page of the website looks like the default for some content management system.

The link that the survey goes to resolves as http://2736680291:84/chase/ and them some obfuscating strings.  What is that ... IPv6?  Anyway, if you ping 2736680291 it comes out as 163.30.109.99 which is owned by the Ministry of Education Computer Center, Taipei Taiwan.

[K Frame]

What kind of program is an .rar file associated wtih?

[cordex]

WinRAR will open it.  So will 7zip and a bunch of other utilities.  If you get me your email address, I'll check the Yahoo list for you.

[K Frame]

I use 3 yahoo e-mails...

kframe_19

jframe32

mirwin22031

[cordex]

None of those were in the yahoo.rar file.

Searched 404188 rows.

Seems small for a spammer ... probably just one batch.

[Guest]

It is NOT SAFE to poke around at such websites, they could contain all sorts of stuff to try and auto-infect you if your protections and updates aren't rock-solid.

[RadioFreeSeaLab]

JimMarch, that's why I do my poking from a FreeBSD machine

[Stranger]

This one women's daughter (I know her from work) got the phishing email this morning around three and filled it out, then she realized what it was but it was too late.  Now shes been on the phone closing accounts and contacting fraud watch agencies.  The moral of the story: Dont fill out forms at three in the morning when you should be sleeping.  Very intelligent girl but the poor thing has no common sense at all.

[Guest]

What kind of program is an .rar file associated wtih?

Its a compression/archive similar to .zip files, you can open it with a variety of decompression tools (most notably win-rar). Its chief advantage was that one could divide a large file into smaller segments and then decompress them as a whole which made this format ideal for downloading very large files over a slow connection as you could grab it in little pieces. Its not commonly used in the days of affordable cable internet access.

[cordex]

It is NOT SAFE to poke around at such websites, they could contain all sorts of stuff to try and auto-infect you if your protections and updates aren't rock-solid.

Got that covered.  

[Standing Wolf]

What, pray, are the F., the B., and the I. doing about this sort of fraud?

[cordex]

What, pray, are the F., the B., and the I. doing about this sort of fraud?

Well, in this case, I suppose an agent could call +886-2-2737-7010 ext. 305 and hope they got through to someone who spoke English.  Then they could tell them what the internet connection under their control was being used for and hope they pull it and launch their own investigation.  Then maybe our heroic FBI agent could call the Taipei police station and hope they do something about it.  After that, it's kind of out of his hands.

Of course, there's nothing keeping you or I from emailing Twoblink and asking him to make the calls.  I think he's still in Jung He City and he could probably communicate with the locals a bit more clearly than you or I or our friendly agent.

[Antibubba]

Having dealt with the real Chase and Citi institutions, I'm not so certain the phishers would be any worse.