Another Scam for Banking This Time

[Jim Koepke]

The thread on a possible PayPal scam got me to post this one:

Welcome to the Chase Customer Claims Secure Document Exchange. You recently contacted Chase regarding your claim number 464356555310001 and your documents relating to that claim are available for your review on this site.

Per our telephone conversation, you will need to login to the secure website by clicking on the link below, or you can copy and paste the link into your browser's address bar.

https://sdx.chase.com/consumerdcx-ch...xxxxxxxxxxxxxx

Welcome to the Chase Customer Claims Secure Document Exchange. You recently contacted Chase regarding your claim number 464356555310001 and your documents relating to that claim are available for your review on this site.

Per our telephone conversation, you will need to login to the secure website by clicking on the link below, or you can copy and paste the link into your browser's address bar.

https://sdx.chase.com/consumerdcx-ch...VTrye8uOWjg%3D

Your user name is {deleted by moderator}

Your initial password is: {deleted by moderator}

On your first login, you will be required to select a new password. NOTE: This site is different from Chase.com and passwords are not related. Updating your password on Chase Customer Claims Secure Document Exchange will have no impact on established Chase.com passwords.

Once registered, you will be able to access your customer correspondence on our secure website. Thank you for using Chase Customer Claims Secure Document Exchange.

To contact Chase for claim-related questions or to withdraw your claim, please call 1-866-564-2262.

Es posible que algunos o todos los documentos, servicios o correspondencia est�n disponibles solo en ingl�s.

Para hablar con un especialista de servicio al cliente en espa�ol, por favor llame 1-866-564-2262.

This was particularly interesting because of a recent claim.

Googling the phone number indicated many others have seen this as a scam. The web eddress didn't look right to me. It is listed in the Google search as a scam site.

The thought was most people use the same password for everything and would change their password or through the scam site log into their bank account. There is also the thought that going to the site may set one up for some malware.

It also seems this one has been around for some time.

The old adage rings true, "Look before you Leap!"

Maybe for modern times it should be "Google before you respond."

jtk

[Roy Petersen]

The address you gave is a sub domain of chase.com, owned by the correct person:
chase.com
Registrant Name: Domain Administrator
Registrant Organization: JPMorgan Chase & Co.
Registrant Street: 201 North Walnut Street, Mail Suite DE1-0175
Registrant City: Wilmington
Registrant State/Province: DE

sdx.chase.com/consumerdcx-chase_atm/private/main.jsp? (sdx is similar to www on a web server, a subdomain)
The latter part of the address you gave is a coded version that places your email (adi*********y@gmail.com) in the form, so you may want to have a mod remove that full link.

The big question is, do you have an account with that company, and is it associated with that email?

[Jim Koepke]

Thanks for you input Roy.

My plan is to make a copy of the email and drop by my bank today to see what they say.

jtk

[Robert LaPlaca]

Jim, financial institutions will never bury a link to their websites in an email.

My guess is even though the domain of the text of supplied hyperlink looks correct, if you look at the actual dns address that the hyperlink takes you to is not a chase.com domain. Most email clients will display the actual hyperlink address if you hover over them..

[Roy Petersen]

My guess is even though the domain of the text of supplied hyperlink looks correct, if you look at the actual dns address that the hyperlink takes you to is not a chase.com domain. Most email clients will display the actual hyperlink address if you hover over them..

DNS stands for domain name service. It takes a domain name and translates it into an IP address, which can then locate the proper server (like a street address). In this case, the URL he provided led to the site Chase uses (a subdomain of chase.com), pointed to a third party service that handles documents and signing. Since only chase.com (JP Morgan) has access to make DNS changes on their domain name (without a fairly sophisticated hack like DNS cache poisoning), the odds are better than average it's legit. The odds increase if the recipient uses them, and has recently spoken to them to discuss something that included that case number. The site he goes to clearly states the login there is not his Chase login, but instead the one provided in the email he received.

I'd suggest if the above conditions about the case and call are correct, it's likely valid.
Asking Chase will certainly clear it up.

[David T gray]

its legit also it lets me log in with your info and see every thing i would uhh remove your post since the link in the email includes your user name and u supplied the password

[Jim Koepke]

First thanks to the moderator for removing information my foolishness had me posting.

Second, a printout was taken to the local branch today and in their judgment it was a scam email. My confidence in their judgement isn't great, but in this case if it does regard a matter we had recently discussed with the bank, to my knowledge it has been resolved.

Similar emails have come my way in the past. Usually they concern a bank with which we do not do business.

jtk

[Roy Petersen]

They feel it's a scam email even though it goes to something that bank controls, like their own domain records?
I'm surprised, but suspect they're mistaken. I'd be curious to know if the case number it was referring to was something they could look up and see if it existed, and if so was it about your account.
No matter if it's resolved, I suppose.

[Alan Rutherford]

They feel it's a scam email even though it goes to something that bank controls, like their own domain records?
I'm surprised, but suspect they're mistaken....

I'm with Roy.

[glenn bradley]

Did you indeed have a case open with them that requires that they deliver secured documents to you? Does the claim number match what you were given at the time you opened the case? If not, toss it. I never even preview any email that I am not specifically expecting; I toss them or mark them.

[Chuck Wintle]

The thread on a possible PayPal scam got me to post this one:

Welcome to the Chase Customer Claims Secure Document Exchange. You recently contacted Chase regarding your claim number 464356555310001 and your documents relating to that claim are available for your review on this site.

Per our telephone conversation, you will need to login to the secure website by clicking on the link below, or you can copy and paste the link into your browser's address bar.

https://sdx.chase.com/consumerdcx-ch...xxxxxxxxxxxxxx




This was particularly interesting because of a recent claim.

Googling the phone number indicated many others have seen this as a scam. The web eddress didn't look right to me. It is listed in the Google search as a scam site.

The thought was most people use the same password for everything and would change their password or through the scam site log into their bank account. There is also the thought that going to the site may set one up for some malware.

It also seems this one has been around for some time.

The old adage rings true, "Look before you Leap!"

Maybe for modern times it should be "Google before you respond."

jtk

This to me is a scam..anytime its required to login by email it very likely is a scam.

[Bert Kemp]

Rule #! never ever click on a link in an email!!!
go to your accounts page and login from there and check things out.You can find out everything from logging into you account. don't login from an email

[Robert LaPlaca]

First thanks to the moderator for removing information my foolishness had me posting.

Second, a printout was taken to the local branch today and in their judgment it was a scam email. My confidence in their judgement isn't great, but in this case if it does regard a matter we had recently discussed with the bank, to my knowledge it has been resolved.

Similar emails have come my way in the past. Usually they concern a bank with which we do not do business.

jtk

Unsolicited emails with links and passwords received via email from anyone, should always be treated as suspected phishing. It sounds like since you had a preexisitng matter with the bank the email could be email could be legit.

To me (an IT professional with 30+ years in the industry) if the email is legit, it is very poor way to send the customer a initial user/password, typically this is done via snail mail or sent after confirming the receiving email address. Also it’s plenty easy for the displayed hyperlink in the email to point to some other host, in other words the displayed hyperlink text doesn’t need to match the actual host one gets sent to via the hyperlink,plenty of phishing email scams use this technique.

At no time was I suggesting that chase.com DNS was being compromised and I maintained DNS for one of my employers, so am pretty knowledgeable about the process.

[Roy Petersen]

if the email is legit, it is very poor way to send the customer a initial user/password

Absolutely agree on that point. Unencrypted email can be seen and read along the way, as well as while it sits on the mail server waiting for retrieval.

Also it’s plenty easy for the displayed hyperlink in the email to point to some other host, in other words the displayed hyperlink text doesn’t need to match the actual host one gets sent to via the hyperlink,plenty of phishing email scams use this technique.

In this case, the link goes to a Chase owned domain, protected with a Chase owned SSL certificate that's verified by Symantec (Symantec Class 3 EV SSL CA - G3). EV stands for "Extended Validation", which is producing documented proof of who you are to Symantec, rather than DV (domain validation), which is just "you own the domain, so fine" validation. Odds are *very* good it's a legitimate site.

At no time was I suggesting that chase.com DNS was being compromised

I only mentioned that as the only way for the site mentioned in the email to have been faked to phish logins. It would be odd to do so while providing the login to the site, as they did in the email.

[Jim Koepke]

They feel it's a scam email even though it goes to something that bank controls, like their own domain records?
I'm surprised, but suspect they're mistaken. I'd be curious to know if the case number it was referring to was something they could look up and see if it existed, and if so was it about your account.
No matter if it's resolved, I suppose.

It would not surprise me if the email was authentic and the clerks in the branch office just pulled an answer out of the air. They verified the phone number was a Chase number, but said that only lends authenticity and most people would then select the link without calling. Maybe give the number a call and tell them this looks like a scam.

On a side note, one time Chase sent me a check for $10. We had no idea why. When we went to the bank to cash the check, we asked why we received it. After about 15 minutes of checking we were told that at first they thought we were pulling some kind of scam and considered calling the police. Then they called the issuing office to inquire. They finally told us no one had any idea why the check was issued and for $10 we should just cash it and have fun with the money.

Sometimes a bank can be too big for their own good or the good of the public.

jtk