Text Message Phishing

[hyperlinked]

I just got this text message on my BlackBerry:

JPM_EFS@chaseonline.chase.com / JP Morgan Chase. Not a sales message. Please call 1.877.303.7014 immediately about recent activity on your account. Thank you.

Sounded strange and the phone number wasn't the same one as on my credit card, but I called anyway. The number had been disconnected.

I searched online and found that some people who had called while the number was operating were asked to enter their account information into an automated menu tree.

Bastards!

[Mental Hobbit]

[hyperlinked]

Please tell me that's a joke.

[Mental Hobbit]

No idea, I've never seen it as an actual form. But I bet it would work well.

[Nonmouse]

Nothing worse than being stranded in the Outback forced to eat kangaroos.

How did you fit a kangaroo into a Subaru, much less kangaroos?

[Voixdelion]

I just got this text message on my BlackBerry:

JPM_EFS@chaseonline.chase.com / JP Morgan Chase. Not a sales message. Please call 1.877.303.7014 immediately about recent activity on your account. Thank you.

Sounded strange and the phone number wasn't the same one as on my credit card, but I called anyway. The number had been disconnected.

I searched online and found that some people who had called while the number was operating were asked to enter their account information into an automated menu tree.

Bastards!

This is a fairly common ruse now.  There are some, as ripster says, will even call you on the phone with some phony story about "suspicious activity" and wanting to check that some charge is genuine.  Lots of people react before thinking an end up giving out their account info.  My mother got hit when she called a store  to cancel a legitimate order she had placed, and even though they should have been able to do so with just the last few digits of the # or her name and/or address/phone#, they asked for her entire card #, expiration and security code on the back.   It didn't occur to her that might not be necessary to divulge all of that until shortly after she got a call asking if she had placed an order with Ticketmaster for $200...

Kind of like along the same lines the "Paypal reciepts" I get for stuff I didn't buy - they hope you will panic and click through to report your account being hijacked.  Yeah - Bastards.  I really miss the "honor code" that was so strictly enforced at my high school.  It was a Zero tolerance act right or else kinda thing.  My first year there was a student that was summarily expelled for taking a baggie containing a few tootsie rolls that was taped to the outside of another students locker.

[ironcoder]

I just got this text message on my BlackBerry:

JPM_EFS@chaseonline.chase.com / JP Morgan Chase. Not a sales message. Please call 1.877.303.7014 immediately about recent activity on your account. Thank you.

Sounded strange and the phone number wasn't the same one as on my credit card, but I called anyway. The number had been disconnected.

I searched online and found that some people who had called while the number was operating were asked to enter their account information into an automated menu tree.

Bastards!

Text as in SMS or email? If email, you should be able to forward it to a desktop client and take a look at the headers. You can usually get enough info to rat the bastard out to his ISP, although I don't know if it goes any further than that. Or file a complaint with the feds. They have a special hotline for internet crime plus whenever banking is involved it upps the priority.

[hyperlinked]

Text as in SMS or email? If email, you should be able to forward it to a desktop client and take a look at the headers. You can usually get enough info to rat the bastard out to his ISP, although I don't know if it goes any further than that. Or file a complaint with the feds. They have a special hotline for internet crime plus whenever banking is involved it upps the priority.

It was an SMS, which is how it caught me off guard. I don't text message much so I'm not used to getting SMS spam and phishing attempts. They also just happened to impersonate a card issuer that I've had fraud problems with before in the past so it was a very unlucky confluence of factors on my end that I almost fell for.

[ironcoder]

That's very, very wierd.

[hyperlinked]

That's very, very wierd.

Yeah, that's what I thought. I run a hosting service that's just open to my Web development clients so I'm used to getting all sorts of phishing emails from my clients forwarded to me in addition to my own. I can spot them from a mile away.

Phishing emails try to bury their true intention with lots of smokescreen so you don't realize the real identity of the destination you're logging into. I've learned all their tricks, but it was the sheer lack of complexity of the SMS that totally caught me off guard.

[bhtooefr]

Here, the SMS phishers usually go for US Bank cards issued by Ohio's Job and Family Services for unemployment compensation.

What's sad is, that's actually a significant part of the population. (Then again, how many of them are getting it deposited in a ODJFS-issued debit card, versus taking paper checks, or direct deposited in their normal bank account? It wasn't exactly hard to set up direct deposit...)

[ricercar]

I got that SMS, too. Maybe it's geographically aware.

Fortunately I have no such account with JP, so the intention was unambiguous.

[hyperlinked]

I got that SMS, too. Maybe it's geographically aware.

Fortunately I have no such account with JP, so the intention was unambiguous.

Are you on T-mobile? Or does your phone number start with 455?

[ricercar]

Neither. Sprint 813. But I bet we share 408.