Tech Shout!

Email scammers are attempting to fraud online banking customers into handing over sensitive personal account information by conducting a bogus survey that offers a fake $20 reward. The attack, targeted against Chase Manhattan customers, represents the latest development of social engineering attacks by phishing fraudsters.

The bogus email intends to be a survey on the usability of the Chase online banking site from the bank’s online division. But the fact is that the emails are not remotely associated with the bank and point to a bogus site that attempts to extract user names, passwords, PIN number, card verification number, mother’s maiden name and Social Security number from unwary dupes. Any data submitted is sent to a form processing service in India.

Fraudsters have used a website run by a state-operated Chinese bank to host the Chase phishing site. The phishing pages are located in hidden directories within the server of The China Construction Bank (CCB) Shanghai Branch, Netcraft reports, in what it says is the first attempt of one bank’s infrastructure being used to attack another financial institution. CCB’s site also shelters phishing scams targeting other US institutions, including eBay.

Netcraft said that the Netcraft Toolbar, a free phishing protection tool for IE and Firefox users, stops all these attacks.