Rewterz Threat Alert – Chase Themed Phishing Campaign

Severity

Medium

Analysis Summary

A recent campaign of chase themed phishing emails has been observed and is being sent actively to different users containing an embedded url.

The body of the email looks like this:

******** INTERNET EMAIL SECURITY ADVISORY ******** Think Before You Click! Suspicious? Contact Tech Support! ******** INTERNET EMAIL SECURITY ADVISORY ********

This is a secure message from Chase Smallbusiness.

Hello ,

You scheduled a payment of $2,110.64 for your account ending in Regular Personal Checking-4077.

hxxps://secmail[.]Chase[.]com/formpostdir/securereader?id=wKBgK-4O7ktmM5dO5tT3_gXeQFACuH-xY&brand=04044160 <Embedded URL>

You scheduled a payment of $2,110.64 for your account ending in Regular Personal Checking-4077. 

Banking, credit card, automobile loans, mortgage and home equity products are provided by Chase, N.A. and affiliated banks, Members FDIC and wholly owned subsidiaries of Chase Corporation. Credit and collateral are subject to approval. Terms and conditions 
apply. This is not a commitment to lend. Programs, rates, terms and conditions are subject to change without notice.

Questions about banking, mortgage, and investment services?
Call 1-800-869-3557, 24 hours a day – 7 days a week
Small business customers 1-800-225-5935
24 hours a day – 7 days a week

Indicators of Compromise

Remediation

• Block the threat indicators at their respective controls.
• Always be suspicious of the emails being sent from users that are unknown.
• Never click on the links/ attachments sent on emails by unknown senders.