PDA

View Full Version : Another Scam for Banking This Time



Jim Koepke
01-02-2018, 2:10 PM
The thread on a possible PayPal scam got me to post this one:

Welcome to the Chase Customer Claims Secure Document Exchange. You recently contacted Chase regarding your claim number 464356555310001 and your documents relating to that claim are available for your review on this site.

Per our telephone conversation, you will need to login to the secure website by clicking on the link below, or you can copy and paste the link into your browser's address bar.

https://sdx.chase.com/consumerdcx-chase_atm/private/main.jsp?username=xxxxxxxxxxxxxxxxx



Welcome to the Chase Customer Claims Secure Document Exchange. You recently contacted Chase regarding your claim number 464356555310001 and your documents relating to that claim are available for your review on this site.

Per our telephone conversation, you will need to login to the secure website by clicking on the link below, or you can copy and paste the link into your browser's address bar.

https://sdx.chase.com/consumerdcx-chase_atm/private/main.jsp?username=H1MvpQ%2Fo161IeY8UaLTxJTBX8PAhp0 llVTrye8uOWjg%3D

Your user name is {deleted by moderator}

Your initial password is: {deleted by moderator}

On your first login, you will be required to select a new password. NOTE: This site is different from Chase.com and passwords are not related. Updating your password on Chase Customer Claims Secure Document Exchange will have no impact on established Chase.com passwords.

Once registered, you will be able to access your customer correspondence on our secure website. Thank you for using Chase Customer Claims Secure Document Exchange.

To contact Chase for claim-related questions or to withdraw your claim, please call 1-866-564-2262.

Es posible que algunos o todos los documentos, servicios o correspondencia est�n disponibles solo en ingl�s.

Para hablar con un especialista de servicio al cliente en espa�ol, por favor llame 1-866-564-2262.

This was particularly interesting because of a recent claim.

Googling the phone number indicated many others have seen this as a scam. The web eddress didn't look right to me. It is listed in the Google search as a scam site.

The thought was most people use the same password for everything and would change their password or through the scam site log into their bank account. There is also the thought that going to the site may set one up for some malware.

It also seems this one has been around for some time.

The old adage rings true, "Look before you Leap!"

Maybe for modern times it should be "Google before you respond."

jtk

Roy Petersen
01-02-2018, 2:43 PM
The address you gave is a sub domain of chase.com, owned by the correct person:
chase.com
Registrant Name: Domain Administrator
Registrant Organization: JPMorgan Chase & Co.
Registrant Street: 201 North Walnut Street, Mail Suite DE1-0175
Registrant City: Wilmington
Registrant State/Province: DE

sdx.chase.com/consumerdcx-chase_atm/private/main.jsp? (sdx is similar to www on a web server, a subdomain)
The latter part of the address you gave is a coded version that places your email (adi*********y@gmail.com) in the form, so you may want to have a mod remove that full link.

The big question is, do you have an account with that company, and is it associated with that email?

Jim Koepke
01-02-2018, 3:01 PM
Thanks for you input Roy.

My plan is to make a copy of the email and drop by my bank today to see what they say.

jtk

Robert LaPlaca
01-02-2018, 3:10 PM
Jim, financial institutions will never bury a link to their websites in an email.

My guess is even though the domain of the text of supplied hyperlink looks correct, if you look at the actual dns address that the hyperlink takes you to is not a chase.com domain. Most email clients will display the actual hyperlink address if you hover over them..

Roy Petersen
01-02-2018, 6:51 PM
My guess is even though the domain of the text of supplied hyperlink looks correct, if you look at the actual dns address that the hyperlink takes you to is not a chase.com domain. Most email clients will display the actual hyperlink address if you hover over them..
DNS stands for domain name service. It takes a domain name and translates it into an IP address, which can then locate the proper server (like a street address). In this case, the URL he provided led to the site Chase uses (a subdomain of chase.com), pointed to a third party service that handles documents and signing. Since only chase.com (JP Morgan) has access to make DNS changes on their domain name (without a fairly sophisticated hack like DNS cache poisoning), the odds are better than average it's legit. The odds increase if the recipient uses them, and has recently spoken to them to discuss something that included that case number. The site he goes to clearly states the login there is not his Chase login, but instead the one provided in the email he received.

I'd suggest if the above conditions about the case and call are correct, it's likely valid.
Asking Chase will certainly clear it up.

David T gray
01-02-2018, 7:46 PM
its legit also it lets me log in with your info and see every thing i would uhh remove your post since the link in the email includes your user name and u supplied the password ;)

Jim Koepke
01-03-2018, 2:29 AM
First thanks to the moderator for removing information my foolishness had me posting.

Second, a printout was taken to the local branch today and in their judgment it was a scam email. My confidence in their judgement isn't great, but in this case if it does regard a matter we had recently discussed with the bank, to my knowledge it has been resolved.

Similar emails have come my way in the past. Usually they concern a bank with which we do not do business.

jtk

Roy Petersen
01-03-2018, 7:30 AM
They feel it's a scam email even though it goes to something that bank controls, like their own domain records?
I'm surprised, but suspect they're mistaken. I'd be curious to know if the case number it was referring to was something they could look up and see if it existed, and if so was it about your account.
No matter if it's resolved, I suppose.

Alan Rutherford
01-03-2018, 7:40 AM
They feel it's a scam email even though it goes to something that bank controls, like their own domain records?
I'm surprised, but suspect they're mistaken....

I'm with Roy.

glenn bradley
01-03-2018, 8:37 AM
Did you indeed have a case open with them that requires that they deliver secured documents to you? Does the claim number match what you were given at the time you opened the case? If not, toss it. I never even preview any email that I am not specifically expecting; I toss them or mark them.

Chuck Wintle
01-03-2018, 8:57 AM
The thread on a possible PayPal scam got me to post this one:

Welcome to the Chase Customer Claims Secure Document Exchange. You recently contacted Chase regarding your claim number 464356555310001 and your documents relating to that claim are available for your review on this site.

Per our telephone conversation, you will need to login to the secure website by clicking on the link below, or you can copy and paste the link into your browser's address bar.

https://sdx.chase.com/consumerdcx-chase_atm/private/main.jsp?username=xxxxxxxxxxxxxxxxx




This was particularly interesting because of a recent claim.

Googling the phone number indicated many others have seen this as a scam. The web eddress didn't look right to me. It is listed in the Google search as a scam site.

The thought was most people use the same password for everything and would change their password or through the scam site log into their bank account. There is also the thought that going to the site may set one up for some malware.

It also seems this one has been around for some time.

The old adage rings true, "Look before you Leap!"

Maybe for modern times it should be "Google before you respond."

jtk

This to me is a scam..anytime its required to login by email it very likely is a scam.

Bert Kemp
01-03-2018, 9:07 AM
Rule #! never ever click on a link in an email!!!
go to your accounts page and login from there and check things out.You can find out everything from logging into you account. don't login from an email

Robert LaPlaca
01-03-2018, 9:32 AM
First thanks to the moderator for removing information my foolishness had me posting.

Second, a printout was taken to the local branch today and in their judgment it was a scam email. My confidence in their judgement isn't great, but in this case if it does regard a matter we had recently discussed with the bank, to my knowledge it has been resolved.

Similar emails have come my way in the past. Usually they concern a bank with which we do not do business.

jtk

Unsolicited emails with links and passwords received via email from anyone, should always be treated as suspected phishing. It sounds like since you had a preexisitng matter with the bank the email could be email could be legit.

To me (an IT professional with 30+ years in the industry) if the email is legit, it is very poor way to send the customer a initial user/password, typically this is done via snail mail or sent after confirming the receiving email address. Also itís plenty easy for the displayed hyperlink in the email to point to some other host, in other words the displayed hyperlink text doesnít need to match the actual host one gets sent to via the hyperlink,plenty of phishing email scams use this technique.

At no time was I suggesting that chase.com DNS was being compromised and I maintained DNS for one of my employers, so am pretty knowledgeable about the process.

Roy Petersen
01-03-2018, 10:06 AM
if the email is legit, it is very poor way to send the customer a initial user/password
Absolutely agree on that point. Unencrypted email can be seen and read along the way, as well as while it sits on the mail server waiting for retrieval.


Also itís plenty easy for the displayed hyperlink in the email to point to some other host, in other words the displayed hyperlink text doesnít need to match the actual host one gets sent to via the hyperlink,plenty of phishing email scams use this technique.
In this case, the link goes to a Chase owned domain, protected with a Chase owned SSL certificate that's verified by Symantec (Symantec Class 3 EV SSL CA - G3). EV stands for "Extended Validation", which is producing documented proof of who you are to Symantec, rather than DV (domain validation), which is just "you own the domain, so fine" validation. Odds are *very* good it's a legitimate site.

At no time was I suggesting that chase.com DNS was being compromised
I only mentioned that as the only way for the site mentioned in the email to have been faked to phish logins. It would be odd to do so while providing the login to the site, as they did in the email. ;)

Jim Koepke
01-03-2018, 12:22 PM
They feel it's a scam email even though it goes to something that bank controls, like their own domain records?
I'm surprised, but suspect they're mistaken. I'd be curious to know if the case number it was referring to was something they could look up and see if it existed, and if so was it about your account.
No matter if it's resolved, I suppose.

It would not surprise me if the email was authentic and the clerks in the branch office just pulled an answer out of the air. They verified the phone number was a Chase number, but said that only lends authenticity and most people would then select the link without calling. Maybe give the number a call and tell them this looks like a scam.

On a side note, one time Chase sent me a check for $10. We had no idea why. When we went to the bank to cash the check, we asked why we received it. After about 15 minutes of checking we were told that at first they thought we were pulling some kind of scam and considered calling the police. Then they called the issuing office to inquire. They finally told us no one had any idea why the check was issued and for $10 we should just cash it and have fun with the money.

Sometimes a bank can be too big for their own good or the good of the public.

jtk

Simon MacGowen
01-03-2018, 5:47 PM
They finally told us no one had any idea why the check was issued and for $10 we should just cash it and have fun with the money.

Sometimes a bank can be too big for their own good or the good of the public.

jtk

When a tool vendor makes a mistake, we discuss it like it is the world. But do you people know how many mistakes are made in the financial sector including banks and tax agencies everyday?

While I can't specifically reveal my sources, I can tell you more than any customers or ordinary people can believe. $10 was nothing; $10,000 was withdrawn from someone's account and the client was reimbursed in full, given a gift card (as a token of apology for inconvenience as it took several weeks to resolve the matter within the bank) and was not given the reason why or how it happened. Banks make a LOT of mistakes in ALL departments. You can easily verify this if you know someone who works there.

Don't believe in anything you read or receive in ANY unsolicited emails, no matter where they come from. If you talked to PayPal, your investment bank, etc., this morning and received an email purported to be from them in the afternoon, it could just be a COINCIDENCE. It has happened to me more than once!

Simon

Jerome Stanek
01-03-2018, 6:00 PM
I had a $25,000 deposit that they put in someone else's account one time and that made me overdraw my payroll and payments to my vendors. I went there and showed them that my receipt and they reimbursed me and paid the vendors with including the penalties to straighten it out.

Simon MacGowen
01-03-2018, 6:45 PM
I had a $25,000 deposit that they put in someone else's account one time and that made me overdraw my payroll and payments to my vendors. I went there and showed them that my receipt and they reimbursed me and paid the vendors with including the penalties to straighten it out.

Your incident was pretty straightforward: the bank staff debited your money into someone's account by mistake. The one I quoted was different: the money (not even due for maturity) disappeared from the client's account (an investment account) even though that account had had no transactions involved with anyone. If the money wasn't due for renewal or redemption, it was supposed to be locked in, but somehow it vanished without the knowledge of the account owner (how the owner came to realize about it was another story -- hint: the bank did not know about it either until the client brought it to its attention).

Simon