TechRepublic reports that Chase Bank now ranks sixth among the most spoofed brand in phishing URLs and has placed third among financial companies, behind PayPal.
Phishing URLs impersonating Chase rose by 300% between May and August, with phishing kits behind all the malicious URLs. The report also showed that Chase was the second most targeted brand by phishing kits, only behind Microsoft 365, according to a report from Cyren.
Cyren also noted that many phishing kits observed during the time period did not only have email address and password exfiltration capabilities, but were also able to steal Social Security numbers, home addresses, credit card data and other sensitive information, while some kits were even able to obtain one-time use codes. The Chase XBALTI phishing kit has enabled attackers to obtain bank customers' online credentials, SSNs and other personal information, which could then be sold on the Dark Web.
Organizations and individuals could curb phishing attacks by refraining from clicking links or contacting phone numbers in an email or text message; asking peers to review messages of questionable legitimacy; and reviewing texts or emails for inconsistencies.