by scam-buster
Wed Feb 05, 2014 8:10 am
I received the following yesterday purportedly to check on "irregular activity" on my account - I do not have nor have ever had a Chase account. I suspect they want financial data from me and that the attached "Forms" contain a virus - the stinger.
x-store-info:4r51+eLowCe79NzwdU2kRwMf1FfZT+JroIuFAV4dPLK/MFViRW1xIeEG2VI9cdNMSz2EssoDmT2h4wuBXWdGUv6+gITrlGUwrPOP5nK15P71jtero6fu9AaXP6o57ePC+B44Ewy4Nn0=
Authentication-Results: hotmail.com; spf=none (sender IP is 85.236.38.219) [email protected]; dkim=none header.d=support.com; x-hmca=none [email protected]
X-SID-PRA: [email protected]
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 11chDOWqoTlDH6QlznwMAsvd8RzD9uRMkSILeCSdqQHTuR3Y1/nvhIJYY6H5rBGBBxlbLQhQw6NdpjV+1cgL4DnZwZxznscY5RXCOWLALb9W71t4+ZXaAnlS4dBZZukT9iMIYvl2lvMKsmOkko5I1zogcaeTLIipb1zZLia0cTwZEAnI2thL8vDeeTuWMdO58xFbGQohSG7nASIwuu6L4lGaD4VSwAkm
Received: from 219-38-236-85.rev.customer-net.de ([85.236.38.219]) by SNT0-MC3-F21.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Tue, 4 Feb 2014 10:25:19 -0800
Received: (qmail 28056 invoked from network); 4 Feb 2014 13:26:00 +0100
Received: from unknown (HELO User) (185.7.214.50)
by 219-38-236-85.rev.customer-net.de with SMTP; 4 Feb 2014 13:25:59 +0100
From: "Chase Online(SM)"<[email protected]>
Subject: Important Security Message
Date: Tue, 4 Feb 2014 13:26:50 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_005D_01C2A9A6.5EBBD008"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: [email protected]
Message-ID: <[email protected]>
X-OriginalArrivalTime: 04 Feb 2014 18:25:19.0875 (UTC) FILETIME=[75B81530:01CF21D6]
This is a multi-part message in MIME format.
------=_NextPart_000_005D_01C2A9A6.5EBBD008
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.6000.16982" name="GENERATOR"></HEAD>
<BODY>
<DIV class="SandboxScopeClass ExternalClass" id="mpf0_MsgContainer">
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">
<TABLE cellSpacing="0" cellPadding="0" width="600" align="center" border="0">
<TBODY>
<TR>
<TD align="left"><IMG height="51" alt="" src="http://chusvfd.chase.adeptra.net/1381/chase_logo.gif" width="155" border="0"> </TD>
<TD align="right"><BR></TD></TR></TBODY></TABLE>
<TABLE cellSpacing="0" cellPadding="0" width="600" align="center" border="0">
<TBODY>
<TR>
<TD colSpan="5"><IMG height="34" alt="" src="http://chusvfd.chase.adeptra.net/1381/v2_top.gif" width="600" border="0">
</TD></TR>
<TR>
<TD background="http://chusvfd.chase.adeptra.net/1381/pix_blu.gif" bgColor="#0467bc"><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="1" border="0">
</TD>
<TD><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="18" border="0">
</TD>
<TD vAlign="top">
<P><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="400" border="0">
<BR><FONT face="verdana,arial,helvetica,sans-serif" color="#000000" size="4"><STRONG>Important Security Message</STRONG> </FONT><SPAN>
</SPAN><BR><FONT style="FONT-SIZE: 12px; LINE-HEIGHT: 18px" face="verdana,arial,helvetica,sans-serif" color="#000000" size="2"><BR><BR>Dear
Chase Online(SM) Customer: <BR><BR>Due to irregular activity on your Chase
Online(SM) Banking account,we need to confirm your identity. <BR>In the
first instance we use Secure Online Identification and if this is
successful,<BR>that is all that is required to secure your online
account.</FONT></P>
<P><FONT style="FONT-SIZE: 12px; LINE-HEIGHT: 18px" face="verdana,arial,helvetica,sans-serif" color="#000000" size="2"><STRONG>Submit the form attached to your email in order to secure
your CHASE Account</STRONG>.<BR></FONT></P>
<P><FONT style="FONT-SIZE: 12px; LINE-HEIGHT: 18px" face="verdana,arial,helvetica,sans-serif" color="#000000" size="2">As part of
our security checks we usually ask you for some personal
details.<BR><BR><BR>For your protection, transactions on your account may
be limited until we are able to confirm your identity. We realize that
this precaution may cause you some inconvenience; however keeping your
account safe is our top priority. <BR><BR><STRONG><SPAN style="BACKGROUND: none transparent scroll repeat 0% 0%"></SPAN></STRONG><SPAN style="BACKGROUND: none transparent scroll repeat 0% 0%"></SPAN><BR><BR>Thank
you. <BR><BR>Sincerely, <BR><IMG height="100" alt="" src="http://chusvfd.chase.adeptra.net/1381/christopher_signature.gif" width="200" border="0"> <BR>Christopher J. Palumbo <BR>Senior Vice President
<BR><SPAN class="ecxil">Chase</SPAN> Fraud Prevention <BR><BR><BR>Please Do
Not Reply to this Email. This is a notification-only email that cannot
accept incoming replies. <BR><BR></P></FONT></TD>
<TD><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="18" border="0">
</TD>
<TD background="http://chusvfd.chase.adeptra.net/1381/pix_blu.gif" bgColor="#0467bc"><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="1" border="0">
</TD></TR>
<TR>
<TD background="http://chusvfd.chase.adeptra.net/1381/pix_blu.gif" bgColor="#0467bc" colSpan="5"><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="1" border="0">
</TD></TR></TBODY></TABLE></DIV></DIV></BODY></HTML>
------=_NextPart_000_005D_01C2A9A6.5EBBD008
Content-Type: application/octet-stream;
name="Chase_attached_form.html"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Chase_attached_form.html"
x-store-info:4r51+eLowCe79NzwdU2kRwMf1FfZT+JroIuFAV4dPLK/MFViRW1xIeEG2VI9cdNMSz2EssoDmT2h4wuBXWdGUv6+gITrlGUwrPOP5nK15P71jtero6fu9AaXP6o57ePC+B44Ewy4Nn0=
Authentication-Results: hotmail.com; spf=none (sender IP is 85.236.38.219) [email protected]; dkim=none header.d=support.com; x-hmca=none [email protected]
X-SID-PRA: [email protected]
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 11chDOWqoTlDH6QlznwMAsvd8RzD9uRMkSILeCSdqQHTuR3Y1/nvhIJYY6H5rBGBBxlbLQhQw6NdpjV+1cgL4DnZwZxznscY5RXCOWLALb9W71t4+ZXaAnlS4dBZZukT9iMIYvl2lvMKsmOkko5I1zogcaeTLIipb1zZLia0cTwZEAnI2thL8vDeeTuWMdO58xFbGQohSG7nASIwuu6L4lGaD4VSwAkm
Received: from 219-38-236-85.rev.customer-net.de ([85.236.38.219]) by SNT0-MC3-F21.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Tue, 4 Feb 2014 10:25:19 -0800
Received: (qmail 28056 invoked from network); 4 Feb 2014 13:26:00 +0100
Received: from unknown (HELO User) (185.7.214.50)
by 219-38-236-85.rev.customer-net.de with SMTP; 4 Feb 2014 13:25:59 +0100
From: "Chase Online(SM)"<[email protected]>
Subject: Important Security Message
Date: Tue, 4 Feb 2014 13:26:50 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_005D_01C2A9A6.5EBBD008"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: [email protected]
Message-ID: <[email protected]>
X-OriginalArrivalTime: 04 Feb 2014 18:25:19.0875 (UTC) FILETIME=[75B81530:01CF21D6]
This is a multi-part message in MIME format.
------=_NextPart_000_005D_01C2A9A6.5EBBD008
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.6000.16982" name="GENERATOR"></HEAD>
<BODY>
<DIV class="SandboxScopeClass ExternalClass" id="mpf0_MsgContainer">
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">
<TABLE cellSpacing="0" cellPadding="0" width="600" align="center" border="0">
<TBODY>
<TR>
<TD align="left"><IMG height="51" alt="" src="http://chusvfd.chase.adeptra.net/1381/chase_logo.gif" width="155" border="0"> </TD>
<TD align="right"><BR></TD></TR></TBODY></TABLE>
<TABLE cellSpacing="0" cellPadding="0" width="600" align="center" border="0">
<TBODY>
<TR>
<TD colSpan="5"><IMG height="34" alt="" src="http://chusvfd.chase.adeptra.net/1381/v2_top.gif" width="600" border="0">
</TD></TR>
<TR>
<TD background="http://chusvfd.chase.adeptra.net/1381/pix_blu.gif" bgColor="#0467bc"><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="1" border="0">
</TD>
<TD><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="18" border="0">
</TD>
<TD vAlign="top">
<P><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="400" border="0">
<BR><FONT face="verdana,arial,helvetica,sans-serif" color="#000000" size="4"><STRONG>Important Security Message</STRONG> </FONT><SPAN>
</SPAN><BR><FONT style="FONT-SIZE: 12px; LINE-HEIGHT: 18px" face="verdana,arial,helvetica,sans-serif" color="#000000" size="2"><BR><BR>Dear
Chase Online(SM) Customer: <BR><BR>Due to irregular activity on your Chase
Online(SM) Banking account,we need to confirm your identity. <BR>In the
first instance we use Secure Online Identification and if this is
successful,<BR>that is all that is required to secure your online
account.</FONT></P>
<P><FONT style="FONT-SIZE: 12px; LINE-HEIGHT: 18px" face="verdana,arial,helvetica,sans-serif" color="#000000" size="2"><STRONG>Submit the form attached to your email in order to secure
your CHASE Account</STRONG>.<BR></FONT></P>
<P><FONT style="FONT-SIZE: 12px; LINE-HEIGHT: 18px" face="verdana,arial,helvetica,sans-serif" color="#000000" size="2">As part of
our security checks we usually ask you for some personal
details.<BR><BR><BR>For your protection, transactions on your account may
be limited until we are able to confirm your identity. We realize that
this precaution may cause you some inconvenience; however keeping your
account safe is our top priority. <BR><BR><STRONG><SPAN style="BACKGROUND: none transparent scroll repeat 0% 0%"></SPAN></STRONG><SPAN style="BACKGROUND: none transparent scroll repeat 0% 0%"></SPAN><BR><BR>Thank
you. <BR><BR>Sincerely, <BR><IMG height="100" alt="" src="http://chusvfd.chase.adeptra.net/1381/christopher_signature.gif" width="200" border="0"> <BR>Christopher J. Palumbo <BR>Senior Vice President
<BR><SPAN class="ecxil">Chase</SPAN> Fraud Prevention <BR><BR><BR>Please Do
Not Reply to this Email. This is a notification-only email that cannot
accept incoming replies. <BR><BR></P></FONT></TD>
<TD><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="18" border="0">
</TD>
<TD background="http://chusvfd.chase.adeptra.net/1381/pix_blu.gif" bgColor="#0467bc"><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="1" border="0">
</TD></TR>
<TR>
<TD background="http://chusvfd.chase.adeptra.net/1381/pix_blu.gif" bgColor="#0467bc" colSpan="5"><IMG height="1" alt="" src="http://chusvfd.chase.adeptra.net/1381/pixel.gif" width="1" border="0">
</TD></TR></TBODY></TABLE></DIV></DIV></BODY></HTML>
------=_NextPart_000_005D_01C2A9A6.5EBBD008
Content-Type: application/octet-stream;
name="Chase_attached_form.html"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Chase_attached_form.html"