Hackers have begun targeting JPMorgan Chase bank customers in a unique email phishing campaign that goes beyond collecting banking credentials: it also installs malware on the victim's system to harvest other sensitive banking credentials.
The new phishing campaign, dubbed Smash and Grab, launched Tuesday with an extremely large spam email blast that urged Chase bank customers to click and view a secure message from JPMorgan, according to security researchers at email provider Proofpoint Inc, Reuters reported.
JPMorgan, more formally known as Chase Bank, is the number one bank in the United States based on assets, and has confirmed that spammers have in fact launched a phishing campaign targeting its customers.
“It looks like they sent it out to lots of people in hopes that some of them might be JPMorgan Chase customers,” bank spokeswoman Trish Wexler told Reuters.
Wexler said the bank believes a majority of the spam was stopped by filters put in place by internet and email providers, adding that the email did look legitimate, as the attackers apparently used a screen grab from an authentic email JPMorgan previously sent to customers.
Users who click the malicious link are prompted to enter their banking credentials to access their Chase bank account. Even if the user declines to enter credentials, the malicious website will try to install the Dyre banking Trojan on their PC, according to Proofpoint.
Dyre is a new piece of malware that targets credentials for highly popular banks, including Bank of America Corp, Citigroup Inc and the Royal Bank of Scotland Group Plc, according to email security firm Phishme.
Mike Horn, Proofpoint's Vice President of Threat Research, said it is unusual for spammers to try to infect PCs with malware while also trying to phish the user's credentials, as this will increase the chance of detection.
“Usually when they do credential phishing, that is all they do. In this case, they are throwing in the kitchen sink,” Horn said.
Proofpoint reported seeing about 150,000 emails sent by the cybercriminals on Tuesday, which is when the company noticed the campaign begin to target its customers in the Fortune 500 and higher education.
Horn said Proofpoint quickly identified the spam and was able to stop the attackers from affecting or infecting its customers, but was not sure how effective the campaign was outside its market.
Horn said Proofpoint does not know who was behind the massive email attack, but found most of the campaign’s infrastructure to be rooted in Russia and Ukraine, and the tactics used in this attack were common among Eastern European cybercrime gangs.
Beware of this highly sophisticated JPMorgan Chase Bank email phishing scam!