Wow, this is scary. Chase Bank Online Scam with user profile. - Great Lakes 4x4. The largest offroad forum in the Midwest

January 15th, 2008, 05:54 PM   #1
clarkstoncracker
Wow, this is scary. Chase Bank Online Scam with user profile.

I'm not an idiot. Well, mostly not an idiot, but I almost got scammed.

I go to log in to my chase account from my laptop at home using internet explorer to transfer some funds. I go to chase.com, I enter my login information, and it forwards me to a page I've never seen, asking me to verify every single personal number imaginable.

I was pissed, because I didn't have my routing number, so I went upstairs to grab my checkbook, and I get back to the computer. I accidentally closed the wrong window in IE.

I load up firefox, I go to chase.com and I login, and presto, I'm in.

So now I'm confused, why did chase want to verify my info, and now they don't care?

I open up IE, and login.. Same "update profile" page.

The page asking for information is a fraud! I know this, because I called chase, and they said they have never heard of this, and they NEVER ask for this kind of information. Long conversation short, they froze all of my chase accounts while I get new accounts set up.

Both my desktop and laptop go to this page while using internet explorer. I have searched EVERYWHERE for info on this, and I can't find anything.

I run up to the minute virus protection, I have both a hardware firewall, as well as xp's firewall (on the laptop) and vista's firewall (on the desktop).

I have run ad-aware, as well as hijackthis, and everything comes back clean.

What the hell is going on here? And how are the scammers pulling this off?

the "phishing" web address is:

h ttps://chaseonline.chase.com/online/AgentFCCServlet (edited to make it non clickable)


I will attach screen shots as well as the page source in a txt file!

click to make screenshots larger.






be careful, and can somebody loan me a hundred bucks until my accounts are back open?
Attached Files
File Type: txt chasescam.txt (90.4 KB, 64 views)
Last edited by clarkstoncracker; January 15th, 2008 at 06:02 PM.

January 15th, 2008, 06:01 PM   #2
DetR6oit

Never seen that, but I always use firefox. Thanks for the heads up though.

January 15th, 2008, 06:02 PM   #3
deuce228

Why would a firefox promoter such as yourself be using I.E?

January 15th, 2008, 06:03 PM   #4
87'YJ

Scary as hell

January 15th, 2008, 06:04 PM   #5
Smiley

There are trojans that can change your dns server to use a fake one as a proxy, so it sends you to false websites.

You have an infection. Remove the drives from the systems and then scan those hard drives for viruses / trojans with another clean system.

January 15th, 2008, 06:05 PM   #6
clarkstoncracker

Quote:
Originally Posted by deuce228 View Post
Why would a firefox promoter such as yourself be using I.E?
I use the alexa toolbar in IE sometimes.. When I'm trying to find websites like other sites. It's an absolute fluke I tried logging in with IE.

I don't even have a bookmark in IE.. And I didn't want to gum up firefox with the alexa toolbar.

January 15th, 2008, 06:06 PM   #7
mideerslayer

Quote:
Originally Posted by clarkstoncracker View Post
I'm an idiot. Well, mostly an idiot, but I almost got scammed.



be careful, and can somebody loan me a hundred bucks until my accounts are back open?
I have $10 I can loan you :tonka:

January 15th, 2008, 06:52 PM   #8
mpwal099

That's effed up for sure. I just tried logging in to ours using IE for shits and giggles and was able to get in just fine.

January 15th, 2008, 07:01 PM   #9
Monkeyevil

Check your host file.

c:\winnt\system32\drivers\etc\hosts

January 15th, 2008, 08:26 PM   #10
Romey

Quote:
Originally Posted by Monkeyevil View Post
Check your host file.

c:\winnt\system32\drivers\etc\hosts
That would cause the same problem with firefox.

January 15th, 2008, 08:38 PM   #11
JEEPR

Huh.. That's weird. How can they do that? It would seem like it has to be something on your computer.

Is it a non-secure web site?

January 15th, 2008, 08:43 PM   #12
clarkstoncracker

Quote:
Originally Posted by Monkeyevil View Post
Check your host file.

c:\winnt\system32\drivers\etc\hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
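
Added example (not part of any poster's message): a small Python audit for the hosts-file check suggested above. It parses a hosts file and flags every active mapping other than the stock localhost entry; the sample file, the `WATCHED` list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: stock header lines plus two tampered entries of the kind
# a redirecting trojan could add (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
203.0.113.45 chaseonline.chase.com www.chase.com  # constructed tampered entry
127.0.0.1 update.example-av.test   # constructed: sinkholes an updater
"""

WATCHED = ("chase.com",)  # assumption: domains whose logins you care about


def parse_hosts(text):
    """Yield (line_number, ip, hostnames) for each active mapping."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        yield lineno, ip, [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text, watched=WATCHED):
    """Return (line, hostname, ip, reason) for every mapping worth a look."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            if name == "localhost" and ip.is_loopback:
                continue  # the one entry a stock file contains
            hit = any(name == d or name.endswith("." + d) for d in watched)
            reason = "watched domain overridden" if hit else "unexpected static mapping"
            findings.append((lineno, name, str(ip), reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

The file posted in #12 would return no findings, which rules out hosts-file redirection only. On XP and Vista the live file is normally at %SystemRoot%\System32\drivers\etc\hosts.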

January 15th, 2008, 09:03 PM   #13
Smiley23

FYI - Phish:

Same code Kelly posted:

http://www.castlecops.com/modules.ph...&id=90088&in=1

January 15th, 2008, 09:27 PM   #14
techman
Quote:
Originally Posted by Smiley23 View Post
FYI - Phish:

Same code Kelly posted:

http://www.castlecops.com/modules.ph...&id=90088&in=1
My security guy sent out an email earlier today about a trojan hijack

Trojan.Silentbanker (aka Spy-Agent.cm) was first discovered on January 14th, 2008. Protection against this Trojan was added to the HFHS system on January 15th at 12:13PM (dat file # 5208).


Another new Trojan intercepts online banking information
Brad Reed

January 14, 2008 (Network World) A new Trojan program is targeting unwitting users' bank data by intercepting account information before it is encrypted and sending it to an attacker's central database.

The Trojan, dubbed Trojan.Silentbanker by security software company Symantec, can intercept online banking transactions that normally are well guarded by two-factor authentication procedures. During a banking transaction, Silentbanker will change the user's bank account details over to the attacker's account, all the while mimicking what the user would expect to see from a typical banking transaction. Because users have no idea their account data has been changed, they then unknowingly send money to the attacker's account after entering their second authentication password.

Although the Trojan.Silentbanker is listed by Symantec as having a low level of distribution and being easy to remove from infected machines, Symantec security response team member Liam O'Murchu says it still poses a danger because of its ability to work without users detecting it.

"The scale and sophistication of this emerging banking Trojan is worrying, even for someone who sees banking Trojans on a daily basis," writes O'Murchu on Symantec's security response blog. "This Trojan downloads a configuration file that contains the domain names of over 400 banks. Not only are the usual large American banks targeted but banks in many other countries are also targeted, including France, Spain, Ireland, the UK, Finland, Turkey -- the list goes on."

The Trojan can be "downloaded or delivered silently through Web exploits," according to Symantec. Once it has been loaded to a machine, it can hook onto various APIs in both Internet Explorer and Firefox. As soon as the program is in place on a Web browser, it is free to cause all kinds of mischief, including redirecting legitimate banking requests to attacker-controlled computers; altering the HTML of pages shown to the user; and recording user names and passwords, as well as capturing screenshots of any Web pages the user visits.

Additionally, says O'Murchu, the Trojan can constantly update itself, as it relays URLs and HTML from banking Web sites to the attackers on a daily basis. "Using these submissions they can target banks for which they do not have bank accounts already," he says. "We are currently monitoring all of the updates to this Trojan."

Symantec recommends users take several steps to guard themselves against this Trojan, including disabling system restore before getting rid of the virus, to ensure the system doesn't inadvertently back up a copy of the Trojan software; making sure all virus definitions are updated on their antivirus software; running a full virus scan of their machines; and finally, deleting the value from their registry.

The Silentbanker Trojan is not the first Trojan aimed at attacking bank accounts in recent weeks. Late last year, for instance, security firm SecureWorks discovered a botnet-controlled Trojan called the "Prg Banking Trojan" that is believed to have affected customers from more than a dozen banks in the United States, the United Kingdom, Italy and Spain.