Welcome to Orange Frog Productions Scams, Shams & Flim-Flams Section [Banner]

Search this site powered by FreeFind

Page Title:

Please be sure to read my Spoof/Phishing Scams Home Page

NOTE: This page Under Construction/Conversion
This page has not been completely converted to OFPv2 Standards.
When this is completed, this paragraph will go away.
Meanwhile, all external links on this page open a new window.

Things I Did, Below

I, personally, receive email in HTML format. Since the email headers could be included, I did not "forward" the email to get the brief headers. The following was received (and looks) like I received it, with the following exceptions:

  • Any notes I added in the actual letter are in square brackets ("[" "]"), are bold, red in color, and highlighted. If what I found "behind the links" (email or website) are different than what was displayed, I will include them in this type of note.
  • Actual links in the email message have been changed to null (allowing them to still appear as links), have arrows pointing to them ("<=="), have been "named", and appear as one of "my notes" (bold, red in color, and highlighted). They are listed below the email example using the "names".
  • All spelling, spacing, line-wrapping, and punctuation errors are the ones that appeared in the original received email. (I may or may not analyze some or all of these.) This email started with the HTML from the email I received. Most of the HTML and the look is original to the email (making this page non-standard HTML 4.01!)

Scam Example
Received 11/26/2006

Subject: Chase Services : Chase Online Bank Account Needs To Be Updated

email image - chase logo
email image - blue bg
Dear Costumer,

We Have Noticed That Your Chase Online Bank Account Needs To Be Updated, because we have made a new updates on our online banking service and we lost some information of our customer online banking accounts, we are sorry for that but you should update your Chase Online bank account.

You must confirm your credit card details and your billing information as well. All restricted accounts have their billing information unconfirmed, meaning that you may no longer send money from your account until you have updated your billing information on file.

To verify your online account and access your bank account, to be able to send and receive money online. All restricted accounts have their billing information unconfirmed, meaning that you may no longer send money from your account until you have updated your billing information on file.

Click Here to Continue <==[Click Here Link]

You can access more than a dozen features, including links to:
  • See Statements - View your statement and choose to stop receiving paper statements.
  • Manage automatic payments - Set up monthly payments to be made automatically.
  • Transfer a balance - Transfer a balance to your credit card account.
  • Go to Free Alerts - Schedule alerts to be reminded of key account activity.

If you have any problems or questions, please call the Customer Service number on the back of your credit card.

Thanks again for using online payments.

Sincerely,
Cardmember Services

 

[NOTE: I left any names, email addresses, and phone numbers in here for the search engines to find. DO NOT TRY TO CONTACT THEM! I'm SURE you will be ripped off! -LE]

Email Headers

[DO NOT send email to any of the following email addresses]

X-Message-Status: n:0
X-SID-PRA: Chase Card Services <Chase @alert.chase.com>
X-Message-Info: LsUYwwHHNt0ZHxkWoHEUsEM3t/mXlrhuylmA4bsnumk=
Received: from neo.priorweb.be ([213.193.229.40]) by bay0-mc5-f14.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Sun, 26 Nov 2006 13:10:49 -0800
Received: (qmail 689 invoked by uid 800); 26 Nov 2006 21:10:32 -0000
Date: 26 Nov 2006 21:10:32 -0000
Message-ID: <20061126211032.688.qmail @neo.priorweb.be>
To: [my email address]
Subject: Chase Services : Chase Online Bank Account Needs To Be Updated
From: Chase Card Services <Chase @alert.chase.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Return-Path: anonymous @neo.priorweb.be
X-OriginalArrivalTime: 26 Nov 2006 21:10:50.0862 (UTC) FILETIME=[59DF30E0:01C7119F]

Notes

Links from email, above: (This information is from the SOURCE of the email.)

  • Image Source (Logo): http:// kanaweb.bankone. com/notifications/events/ ccs_epay/images/ chase_e-mail_header_610x51.gif
  • Image Source (Blue Logo BG): http:// kanaweb.bankone .com/notifications/events/ ccs_epay/images/ blue.gif
  • Click Here Link: http:// www.folkspot .be/temp/chaseonline.com /prospect.php

Things to note in the links:

  • Image Source (Logo) and Image Source (Blue Logo BG): Both of these images are not located at the Chase site. While bankone.com is a site that now goes to chase.com, kanaweb.bankone.com does NOT. It goes to what appears to be a blank page, however, after closing that page out, my browser suddenly got slow and had problems closing. I would not go to that site, if I were you. I would be willing to bet I now have some new spyware or adware I'll have to get rid of.
  • Click Here Link: folkspot.be appears to be a fairly nice site, but with a temp directory containing what appears to be a version of Chase's site (I didn't view it... It just makes sense based on the name), I would be VERY leery of anything on there. (It doesn't appear to be a "permanent directory", like it appears many other spoof sites/emails lead you to.)

Other "problems" and things I see:

  • The various spelling and grammar errors. I seriously doubt a real Chase email would have any such error. (I'm not pointing them out in case they use this scam again!)
  • From the Email Headers:
    • The "Message Id" says this came from Belgium (.be), though everything else says "Chase"! While Chase may have offices/banks in Belgium, why would THEY be sending ANY email to a US email address?
    • The "From" address appears to be a Chase email addresses, although the "alert" subdomain on the front makes it appear questionable..
    • The "To" address WAS to one of MY email addresses, but I can send emails to a list of people and only the recipient's name will show in the "To" by using BCC. I'm VERY willing to bet that I was not the only recipient of this email.
  • There's NO WHERE in the email that mentions MY NAME.
  • Oh, yeah... And while I may have a Chase card somewhere on my credit report, I have NEVER signed into the Chase site that I can recall.

As you can see, the email "looks" very real and official, but with a little checking BEFORE YOU CLICK A LINK OR REPLY, you can find inconsistencies that can save you from a world of hurt! (and empty bank accounts!)

Send comments/questions about this page to Bill Sanders at:

Go to Scams - Spoof/Phishing Scams Home page
Go to Scams - Spoof/Phishing Scams Examples Links

| Home | Main | Owner | Scams, Shams & More Flim-Flams | Glossary | Sitemap | Contact |

Send email to Bill Sanders ()
with questions or comments about this page or site.

This site, all text and graphics (unless otherwise noted) on it
were designed, developed and published by Bill Sanders of Orange Frog Productions.
It and it's CSS was validated and complies with both the: CSS and HTML 4.01 validators from W3C.
NOTE: All CSS validates except the "New Window Buttons" which include some invalid code (ie: hacks),
added PicoSearch Tables, and warnings for using transparent backgrounds when color foregrounds defined.
Copyright © 2003, 2004, 2005, 2006, 2007 by Bill Sanders / Full site last modified: October 21, 2006
Any reproduction, printing, or selling of this content is prohibited without express written consent from William D. Sanders.
ctr