JPMorgan Victim to Email Phishing Scam
The Target card data breach dominated headlines last year, but it was just one of hundreds of hacking incidents to hit banks and expose the personal information of their customers, according to Verizon's latest Data Breach Investigations Report.
Concern about large-scale ATM fraud and denial-of-service attacks prompted regulators to issue two new alerts warning of various scams and outlining steps banks can take to prevent them.
An attack that shut down the bank's file servers drove Central Bank & Trust to buy a new antivirus solution.
JPMorgan customers were targeted with a phishing scam earlier this week aimed at obtaining online banking credentials.
Security researchers from the email provider Proofpoint said the "Smash and Grab" phishing campaign tries to lure individuals to click on a malicious link in an email that looks like an authentic message from JPMorgan.
Even if customers do not proceed to sign into their JPMorgan bank account, the fraudsters try to automatically install the Dyre banking Trojan on their computers to steal passwords from other institutions, Proofpoint said.
A few dozen JPMorgan customers contacted the bank on Tuesday to report the suspicious emails, said spokeswoman Trish Wexler. The bank immediately contacted its Internet service providers to stop more emails from being distributed.
"This is a very small incident," Wexler said in a phone interview. "We are not aware of any fraud occurring."
JPMorgan Chase, which is the top U.S. bank with $2.5 trillion in total assets, has more than 50 million customers. The bank believes most of the spam was eliminated by fraud filters.
Proofpoint reported that about 150,000 emails were sent on Tuesday.
This story was first reported by Reuters. Mike Horn, the vice president of threat research at Proofpoint, told Reuters that it is unusual for spammers to infect PCs with malware while trying to make customers access their bank accounts because the scam can be detected more easily.
"Usually when they do credential phishing, that is all they do. In this case, they are throwing in the kitchen sink," Horn told Reuters.