Security News > 2021 > April > Chase Bank Phish Swims Past Exchange Email Protections

Chase Bank Phish Swims Past Exchange Email Protections
2021-04-28 14:02

Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in an aim to steal credentials from victims - by spoofing real-life customer scenarios.

"These email attacks employed a gamut of techniques to get past traditional email security filters and pass the eye tests of unsuspecting end users," Kumar wrote.

In the first scenario, threat actors sent an email titled "Your Credit Card Statement Is Ready" with the sender name "JP Morgan Chase" with HTML stylings similar to genuine emails sent from Chase, according to the report.

"Microsoft assigned a Spam Confidence Level of '-1' to the email, which meant it skipped spam filtering because Microsoft determined that the email was from a safe sender, to a safe recipient, or was from an email source server on the 'IP Allow' list," Kumar wrote in the report.

The other phishing attack begins with an email titled "URGENT: Unusual sign-in activity" and claimed that the sender was "Chase Bank Customer Care," Kumar said.

The account-verification email also eluded Exchange detections and was deemed safe with a "1" rating on the Spam Confidence Level, Kumar noted.


News URL

https://threatpost.com/chase-bank-phish-sexchange-email-protections/165653/