An astute employee caught this phish fresh this morning. It’s yet another in the long line of legit-looking scams that seems the be characterizing 2015 as the year of the phish.
The email claims to come from Chase Bank, and it includes both the Chase logo and link text that seems legitimate at first. The writing closely emulates the generic messages typically generated by automatic systems. At first glance, this email seems trustworthy.
But there are a few giveaways. First, the sender is a zoho.com account, which definitely means it’s not from Chase. Hovering a cursor over the link text in the email reveals that the link actually goes to “demo-7.com/chase/Logon.htm” and not to a chase.com address like the one the email shows you. Note also the spaces in the URL; formatting like this is a good sign that the link has been manually created because email systems and browsers will not automatically recognize fragmented links. These systems generally look for continuous strings of characters containing a .com or http:// and stop at the first space.
The rise in convincing email forgeries highlights our shared responsibility to stay vigilant for phishing scams. Remember, you are a target. Information security is everyone’s responsibility.