Friday, April 28, 2006

Chase itself send out suspicious e-mail

The latest Chase episode involves my attempt to provide helpful input. Really.

Part 1: Chase sent me an e-mail warning of certain pfishing attempts and providing guidance from William S. Shelby, Senior Vice-President.

Part 2: However, I thought some of their advice was flawed and told them so. Here's my e-mail:

I received the e-mail enclosed at the bottom from Mr. Shelby.

This contains the following statement: "Asks you to enter your User ID, password or account numbers into an e-mail or non-secure webpage."

I believe this statement is midleading and potentially dangerous. Even if the pfisher has a secure website, this doesn't mean that the pfisher is Chase. The secure website might be www.Bad_Scam.ca or some similar site.

Much better advice is to NEVER enter your ID, password, or any other personal information into any site that you got to by a link contained in an e-mail, or e-mail this information.

===========================
Dear Valued Customer,

We want you to be aware of e-mail scams that attempt to steal your personal and/or account information. Known as "Phishing," ... <snip> ....

you should never respond or reply to - e-mail that:
...Asks you to enter your User ID, password or account numbers into an e-mail or non-secure webpage. ....


William S. Sheley
Senior Vice President


Part 3: The Chase auto-responder (or perhaps a real person with too big a quota of responses to get out by the end of the day to actually READ the input) responded as if Chase's own message was pfishing spam. Maybe they are trying to tell themselves something.

Date:
 04-28-2006 15:24:44
From: Chase Online
Dear M. Kruger:

Thank you for submitting a suspicious e-mail message. We
receive a number of messages from customers and others who
have received suspicious e-mails that appear to have
originated from Chase. ...

[Now, of course, they even repeat the advice I was complaining about]

To help you safeguard your personal and financial
information, we recommend that you be suspicious of any
e-mail that:

...- Asks you to enter your User ID, password or account
numbers into an e-mail or non-secure webpage.
....

Thank you, Selina Hood
Internet Service Center
 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)