Training your customers to be phishing victims, part umpteen.
Perry E. Metzger
perry at piermont.com
Tue Apr 24 20:14:07 EDT 2007
The following is a real email, with minor details removed, in which
J.P. Morgan Chase works hard to train its customers to become phishing
victims.
I've left in the name that the email was sent under -- I see no reason
to protect the guilty. The original version of the email was multipart
alternative, with an HTML version that is, believe it or not, even
worse than the text version.
I've been watching Chase operate like this for a few years now, and
every time I think they've hit the bottom of the ocean of misguided
behavior, they come out with a new demonstration that there are new
depths yet to dive to.
Perry
From: "Chase Business Banking" <ChaseBusinessBanking at reply.chase.com>
Reply-to: ChaseBusinessBanking.XXXXXXXXXXX at reply.chase.com
To: XXXXX at XXXXXXXX.XXX
Subject: Chase Business Customers, we need your help!
Date: Tue, 24 Apr 2007 XX:XX:XX -XXXX
We're working to better serve your business needs!
=================================================================
Dear Business Customer,
We're updating our records and need your help to ensure we have
the most up-to-date information about your business. This is an
important step in ensuring that we can continue to provide you
with timely and accurate information about your accounts.
Go here to answer a couple of questions about your business
profile:
http://click.chase.com/XXXXXXXXX.XXXXX.X.XXXX.XXXXXXXXX
It will take you less than 60 seconds, and then you're done!
And remember, the more we know your business, the better we can
serve your ever-changing needs.
Thanks for choosing Chase.
Sincerely,
Janet M. Hawkins
Chief Marketing Officer
Business Banking
-----------------------------------------------------------------
E-mail Security Information
If you would like to learn more about e-mail security or want to
report a suspicious e-mail, click here:
http://click.chase.com/XXXXXXXXX.XXXXX.X.XXXX
Note: If you are concerned about clicking links in this e-mail,
the Chase Online services mentioned above can be accessed by
typing www.chase.com directly into your browser.
-----------------------------------------------------------------
ABOUT THIS MESSAGE
TO UNSUBSCRIBE from future promotional e-mails from Chase, please
reply to this e-mail and type "UNSUBSCRIBE" in the "Subject" line.
The e-mail address from which you send the request will be removed
from our e-mail list. Please allow ten business days for us to
process your request. You will continue to receive service related
e-mail messages that concern your existing Chase banking products
and services.
If you want to contact Chase, please do not reply to this message,
but instead go to www.chase.com. For faster service, please enroll
or log in to your account. Replies to this message will not be
read or responded to.
Your personal information is protected by advanced technology. For
more detailed security information, view our Online Privacy Policy:
http://click.chase.com/XXXXXXXXX.XXXXX.X.XXXX
To request in writing: Chase Privacy Operations, 451 Florida
Street, Fourth Floor, LA2-9376, Baton Rouge, LA 70801.
JPMorgan Chase Bank, N.A. Member FDIC. Equal Opportunity Lender
(C) 2007 JPMorgan Chase & Co.
XXXXXXXXX
This e-mail was sent to: XXXXXXX at XXXXXXX.XXX
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list