SurfControl Threat Analysts Tracking Chase Bank Phishing Attack

Scam Using Phone Numbers for Contact

SCOTTS VALLEY, Calif., April 6 /PRNewswire-FirstCall/ -- SurfControl, plc (LSE: SRF - News), the global leader in Internet content protection, today said that its Global Threat Experts have identified a phishing scam with a unique twist -- rather than phishers attempting to redirect recipients to fraudulent Web sites which harvest passwords and account information, this phish targeting the Chase Bank customers, uses only a telephone number as a method of contact. Now that recipients of phish emails have become accustomed to seeing fraudulent phish URLs with particular traits, SurfControl said it is likely that phishers seeking Chase Bank customer's information developed the technique to increase the success rate of the scam. This phish uses scare tactics and a technique distinctive from the typical phishing scams that target financial institutions. SurfControl is warning customers that this new attack could open the door to employees providing credit card and other personal data to the scammers.

SurfControl warns customers of this scam as this phish likely has not been detected by traditional email or Web filtering technologies. SurfControl's layered suite offering protects customers end-to-end through email, Web and desktop filtering.

SurfControl's Global Threat Expert team first discovered this phish in Australia and customers were protected even before the phone number was actually activated. Newly identified scams are being analyzed and added to the SurfControl Email Filter databases around the clock.

How the phish works

The phish uses a toll free number, which would have been registered, possibly using fake names or contact information. The appearance of a toll free number on the phish resonates with the typical toll free phone numbers used by the legitimate Chase Bank. When users dial the toll free number, they are greeted by a recorded message apparently from Chase bank. SurfControl submitted fake information to the phisher to examine the method employed by the scammers. A transcript of this recorded message is below:

Phisher: Welcome to Chase Bank account verification.
Please type your 16 digits card number.
user: [types invalid 16 digit credit card number]
Phisher: Please type your 16 digits card number.
user: [types valid 16 digit credit card number]
Phisher: Please type expiration date, month first year later.
user: [types 4 digit date]
Phisher: Please type the last 4 digits of the primary card
holder's social security.
user: [types 4 digits]
Phisher: Wait please till processing. Thank you. Your
account has been verified.
[Message terminates]

By deploying the SurfControl Email Filter, businesses can actively safe-guard their business from receiving this scam and protect their employees from the risks of divulging personal and financial information.

About SurfControl

SurfControl plc is the leading provider of enterprise threat protection that shields organizations from known and emerging Internet dangers through Layered Threat Protection(SM). The Company has redefined traditional "filtering" into a unified set of Web, e-mail and messaging security solutions that continuously filter inbound and outbound Internet traffic to eliminate spam, spyware, phishing and Web and e-mail abuse. SurfControl provides Adaptive Threat Intelligence(SM) from its Global Threat Experts(SM) to respond quickly with automatic, proactive security updates to protect customers. Customers avoid significant business downtime that impacts productivity and the bottom line while limiting legal liability and enforcing regulatory compliance and confidentiality. SurfControl has more than 20,000 customers worldwide, and employs more than 500 people in offices across the United States, Europe and Asia/Pacific. For further information and news on SurfControl, please visit http://www.surfcontrol.com .

--------------------------------------------------------------------------------
Source: SurfControl plc