Spammers and fraudsters been busy. In a recent attack; JPMorgan Chase customers have been targeted in an Email phishing scam.
In an effort to collect users credentials, the Email ( which looks very similar to JP Morgan emails) directs users to a login page where they enter their credentials. And it does not stop there. The email also installs a malware that collects credentials for other institutions.
Security researchers from the email provider Proofpoint said the “Smash and Grab” phishing campaign tries to lure individuals to click on a malicious link in an email that looks like an authentic message from JPMorgan.
Even if the victim does not enter their credentials, the web page tries to install trojan known as (Dyre) which collects financial institutions credentials.
- Be wary of emails asking for confidential information – especially information of a financial nature.
- Do not use email links to connect to a website unless you are sure they are legit or expected.
- If you receive a phishing email asking you to login. Open a new browser page and login to your bank directly. Any important messages should be listed there.
- Be careful about opening or saving any document or attachment that come with spam mails.
- There is a reason why the email is in the junk folder. Junk folders disables suspicious links. reading the email in the junk folder will allow you to see the content of the message. If you know the sender and the content seems relevant; you may move the message to the inbox.