Security news
Security news13 March 2006
Bogus Chase Manhattan survey aims to phish money from online bankers "In return we will credit $20 to your account", claims email
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of an email scam that poses as a survey from Chase Manhattan bank.
The emails claim that Chase Manhattan's online division is conducting a survey of its users, and will credit $20 to the accounts of those who take part. However, in reality the emails do not come from the bank but point to a bogus website which attempts to steal usernames, passwords and other confidential information from unwary surfers.
The scam claims to be a survey offering a cash reward from the Chase Manhattan bank.
"Email scammers are looking for new ways to fleece the unwary, and this time have come up with a new twist: asking people to help in a survey for a cash reward," said Graham Cluley, senior technology consultant for Sophos. "Internet users who bank online need to be wary of these kinds of tricks, and be extremely careful about what websites they hand their personal information over to before they end up penniless."
Sophos researchers believe that the emails are a variant of the commonly-encountered "Letter from Nigeria" scams, also known as 419 Advanced Fee Fraud, that fool innocent users into believing that a large amount of money will be transferred into their bank account, but are really designed to steal information about the user's identity and bank account, or demand a "handling fee" for the money transfer.
"It's important to realise that Chase Manhattan have done nothing wrong. Scammers are posing as the well known bank because Chase Manhattan is an established and well-trusted name, and they hope it will encourage victims to hand over their credentials," continued Cluley.
Sophos reminds users to be wary of unsolicited emails, and has published information about how individuals can learn how to protect themselves against this and other phishing attacks.
Organizations concerned about being fraudulently represented in phishing campaigns can sign up to the Sophos early warning system, Sophos PhishAlert.
Download now
- USA number 1 for malware and spam
- Huge surge in email attachment attacks
- Scareware makes users buy bogus products
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
