“Action required” email purporting to be from Chase Bank claims that you must click a link to confirm that you or someone authorized to use your debit card made a recent transaction.
The email is not from Chase. It is a phishing scam designed to steal your Chase Bank account login details, your credit card numbers, and other personal information.
Subject: Action Required: Please Confirm Activity
Dear Chase OnlineSM Customer,We need to confirm that you or someone authorized to use your Debit Card
transacted the following :
View All Transaction(s) :
Thank you for being a valued customer.Customer Service Center.
JPMorgan Chase & Co ©2016
According to this email, which claims to be from Chase Bank, your action is required regarding recent account activity. The email includes a “View all Transactions” link. Supposedly, the bank needs to confirm that you or someone authorized to use your Debit Card
made these transactions. The email includes the Chase logo as well as footer copyright information.
Despite its appearance, however, the email is not from Chase Bank and the claim that you must click a link to confirm account activity is not true. In fact, the email is a phishing scam designed to steal your Chase account login details, your credit card numbers, and other personal information.
If you click the link, you will be taken to a fraudulent web page designed to emulate the genuine Chase Bank website. Once on the fake site, you will be asked to sign in with your username and password. After signing in, you will be taken to a fake “Confirm Activity” form that asks for your credit card details, your name, address, and contact details, and other identifying information.
Criminals can later collect all of the information you supplied and use it to hijack your Chase and credit card accounts and commit fraudulent transactions in your name. If the criminals have managed to gather enough of your personal information, they may also attempt to steal your identity.
Scams like this are very common. Be wary of any email from your bank that claims that you must click a link or open an attached file to deal with an account issue or confirm account details. It is always safest to login to your online accounts by entering the address into your browser’s address bar or via a trusted app.
Chase has published information about such phishing attacks on its website.
Last updated: January 19, 2017
First published: January 19, 2017
By Brett M. Christensen
Chase – How to spot suspicious emails