The Wisdom Blog

The Wisdom Report

The Wisdom Blog is where we share technology and business insights on an (almost) weekly basis. Subscribe to our RSS feed for automatic notification of new posts. Learn more about RSS

Spotting Web Hoaxes

Today I received a friendly message from Chase Bank informing me that my account had been accessed by an unauthorized third party. Two things made me suspicious: Chase Hoax Email

  • A typo. The message made reference to “and unauthorized third party”, not “an unauthorized third party”. Chase can afford to hire good copy-editors, right?
  • I don’t have an account at Chase.

Curiosity Piqued
Being the inquisitive type, I decided to see where this rabbit hole would take me. So I donned my gullible-hat and I clicked the “Log on Now” button. For this demonstration, my userid was “bozoclown”, with the password “bigrednose”.image

And the system let me in!

Next Screen: Phishing for Information
The next screen made me laugh out loud! Note: I entered random data in all fields. Clicking on the “Submit and Go to Home Page” button takes the visitor to the legitimate Chase site. Very clever. They’re using the real Chase site to give false legitimacy their scam site.

Victims of this scam will not know they’ve been duped until they get a bill in the mail!

How to Avoid Scams Like This
Here are a few things to look for. What would you add to this list?image

  • Look for typos. People who make money this way are lazy. Many times, too lazy to proofread their work.
  • Be suspicious of any requests for information. For example, why would Chase need to request my ATM number online? This scam site was asking for my credit card number. Why didn’t they ask for the type of credit card (Visa, Master Card, Amex, etc.)?
  • When in doubt, call your bank. But don’t use the number that the scammer gives you!
  • Use 128-bit encryption in your browser. If the site doesn’t verify that you’re using 128-bit (or better) encryption, run!
  • Look for the 128-bit encryption icon on your browser, typically in the lower right corner of the browser itself, not on the web page. Any scammer can put an image of a padlock on a web page.

Overall, the web is a wonderful way to do business and save time. Human nature is acted out on the web as with any other social setting. Most sites are legitimate, but a few are nefarious. Be watchful.

Posted February 13, 2006 by Raymond T. Hightower

2 Comments

Raymond HightowerFebruary 13, 2006

This is Joe Badguy from Scammers Unlimited. Shame on you for revealing our latest scheme! We’re watching you, Hightower!

Charles OMarch 1, 2006

My singular advice: be wary of links sent as part of e-mails. My extension to that singular advice: never follow links sent as part of e-mails (unless of course, you absolutely know who sent the e-mail).

Comments are now closed.

Looking for more? Check out the latest posts or peruse the archives.