October 2014: Phishing

Recent news reports about the data breach at JPMorgan Chase have highlighted the point that hackers did not obtain any financial information or other sensitive personal information such as social security numbers. While this is certainly good news, it is important to realize the potential dangers from what they did actually obtain. The breach has exposed the names, addresses, emails, and phone numbers for about 83 million customers - setting up the potential for large scale phishing attacks, identity theft, and other social engineering attacks.

A potentially related SMS text message was reportedly sent out to the phones of 2000 Chase customers in Florida this summer. This SMS text message read as follows:

"JPMorgan Chase Bank, N.A. notification: You have a new message regarding your Chase account. Please tap the link bellow to read it: http ://tinyurl.com/[REDACTED]"

This link, when clicked, could prompt the user to enter in login details. If successful, the hackers that initially only obtained names and email addresses would then have direct access to compromised accounts. This form of phishing, called smishing, is just the type of attack that can be expected as fallout from the larger breach. Remember never to respond to SMS text messages that ask for account information, and if you think you have been a victim of a smishing attack, contact your bank immediately.

<-Read more back-issues of the Security Awareness eNewsletter