Thursday, June 7, 2012

Troubling Phishing Scam- Updated November 2015



©iStockphoto.com/Dave Pilibosian

There have been a lot of scam, phishing, and hacking incidents over the last few months, most recently with today’s announcement that LinkedIn had 6.5 million passwords stolen. What’s fascinating about a lot of these is that they are perpetrated via email, and these email scams look totally real.

I had one that was really chilling last month. About 3 weeks ago, I received a text message at 8am from my bank asking me if I had just made a purchase in the amount of $50.00 from a direct marketing company. Those of you know me know that I was sleeping at that hour, so I texted back to tell them “no.” They told me there would be someone from the fraud department calling me immediately. As I waited, I checked my email and saw another fraud alert come in via email. Turns out, 4 separate transactions had been made that morning. The first one was only for $1, and the others totaled around $200. (I could only imagine that the $1 charge was a test to see if the purchase would go through.) I checked my wallet and saw that my card was there, so the debit card number had to have been taken from somewhere online. Luckily, I called the number on the back of my card and spoke with the fraud department at my bank, had the charges reversed, canceled my card, and got a new card ordered. I was also able to stop by the local branch and get a temporary card while I waited for the new one to arrive. It was very easy, and I was very relieved.

A few days later, I received an email from what looked like my bank at the email address they have on file for me. The email said that the fraud investigation had been started, and I just needed to click a link to login and download the fraud report documents. Here’s the exact text of the email:

ERIN CRONICAN,
Welcome to the Chase Customer Claims Secure Document Exchange.You recently contacted Chase regarding your claim number 083968193080001. Your documents are available for your review.

Per our telephone conversation, you will need to register to our secure website by clicking on the link below or copy and paste the link into your browser’s address bar.
https://sdx.chase.com/consumerdcx-chase_atm/private/main.jsp?username=phSeJFa%2F%2F9WRKM3ZLLggyEPH7ry%2Bg4gbYPann6g3awA%3D
Your user name is erin@erincronican.com
Your initial password is: 4Fc4dC7K (you will need to change this on first login). 
On your first log in, you will be required to select a new password. NOTE: This site is different from Chase.com and passwords are not related. Updating your password on Chase Customer Claims Secure Document Exchange will have no impact on established Chase.com passwords.

Once registered, you will be able to access your customer correspondence on our secure website. You may be offered the option to complete and sign the form online if you wish to do so.
Thank you for using Chase Customer Claims Secure Document Exchange.
To contact Chase for claim related questions or to withdraw your claim, please call 1-866-564-2262.

Seems innocent enough, right? But guess what? This email was not from Chase.

Most likely, this is from the same folks who stole my debit card number.

The first red flag was that they openly said, "This site is different than Chase.com.” And, true enough - they were sending from an email address with the domain “secure-dx.com.” If you go to their website, you get forwarded to “wolterskluwerfs.com/info/sdx/index.html,” a professional looking website that describes them as a secure document exchange service. But then, if you notice, the link they asked me to click is for a completely different domain. The fact that these two domains didn’t match made me concerned.

The second red flag was the email saying I had documents to review. I figured that if this were true, the person on the phone (when I reported the fraud) would have told me to be on the look out for documents. And if not, then the person at the branch (where I got my temporary card) would have mentioned it. It seems to me that if a customer is defrauded, a business would go to great lengths to make sure that further communication removes any possibility of fraud. This email was a surprise, and that in itself raised a red flag.

The third red flag was that they said I would need to change my password immediately upon logging in, and mentioned that my password here would have no bearing on my password at my bank. I found this to be odd and my Spidey sense went on overdrive. I’m sure that what victims do, to make things easy, is change their password to the same password they use at their bank. If I had clicked the link and done what they said, most likely they would have been able to get into my bank account directly and completely wiped me out.

So, I did some Googling, and I found something startling - this scam has been reported as far back as 2009.

So, I forwarded the email to Chase (their website says suspicious emails should be sent to abuse@chase.com) to see if it was truly from them, and the stock response I received said that it was, in fact, a scam. Here’s what they said:

Thank you for sending us this e-mail. We have received multiple copies of this message and have already forwarded it to our fraud department for additional investigation. Although the e-mail appears to be from Chase, it is not. It has been designed by fraudsters with the intent to trick you into providing private information about yourself and your accounts. This is known as “phishing,” and the number of people who fall victim to this scam is unfortunately rising.

If you have responded to the e-mail with any information please call us immediately using the number on the back of your card, on your statement or from the “Contact Us” link on Chase.com. It is not our practice to:

- Send e-mail that requires you to enter personal information directly into the e-mail
- Send e-mail threatening to close your account if you do not take the immediate action of providing personal information
- Send e-mail asking you to reply by sending personal information

You should never reply to, click or enter any information if you receive a suspicious e-mail.

We actively investigate each of these attempts and work hard to stop any further unauthorized e-mails from being sent. Although we did not send the e-mail, please know that we regret any inconvenience or concern it may have caused you.

Thank you, E-mail Customer Service Representative

Sounds good, right? BUT -- the reply came from this email address “Abuse <abuse9@cigpopmail.bankone.net>.” I checked that domain name, and it comes up a dead link. Not to say, of course, that this email is a fraud too, but I’m a little tired of getting emails from websites that are NOT from my bank’s domain name. Better safe than sorry, I checked their website again and found an alternate address to mail to (accountatrisk@chase.com.)I wrote to them asking for a personal reply rather than a stock reply, so that I can make sure that this response is legit. I’ll let you know what I find. [UPDATE June 20: Chase's response above was legitimate - which I confirmed by phone.]

The thing that's scary is -- somehow, the person who stole my card number also had my email address -- the same address I had on file at the bank. They have such a complete scam going - they knew I would get the card canceled when I noticed the charges. Any normal person would have clicked the link in the email -- I just happen to be more careful and detailed than most so I avoided that catastrophe.

I decided that my only real recourse is to post this information, in full, so that you all can be aware of this scam and, possibly, avoid it. If you have had any problems like this, or with this exact scam, please leave a comment below so that those who are researching this scam can learn your story.


UPDATE: June 20, 2015

So, this is really odd. If you scroll down and read the comments you'll notice that on June 17 an anonymous person lambasts me for posting this warning on my blog. (Go ahead and read it now -- I'll wait.) I ended up having to delete some of his comments because they were becoming more and more incendiary. But that's not the odd part. The odd part is the less than 24 hours later, MY CHASE DEBIT CARD WAS STOLEN AGAIN. 

The same thing happened - I got a text, email and phone message from a Chase asking me if 2 recent transactions wrre mine. When I called the number on the back of my card we confirmed that my card had been compromised. This time I was forearmed and forewarned and I asked the fraud department if they would be sending me an email from a document exchange asking me to fill out an electronic form on the exchange website. He told me unequivocally that THEY WILL NOT SEND AN EMAIL ASKING FOR PERSONAL INFORMATION TO BE GIVEN. 

But sure enough - today I received the EXACT same email from the Document Exchange requesting my private information to be entered into a website. QUELLE SURPRISE. 

Now, it may be some kind of voodoo-like coincidence that my card was stolen one day after some anonymous editor person rants on my blog trying to get me to stop researching shady and fraudulent practices. But I'm grateful - because it forced me to ask point blank questions of my bank to be perfectly clear what their procedures are and which are fraudulent. 

No matter what kind of anonymous person wants to convince us that our due diligence is problematic, KEEP GOING. I want to commend you on doing your research and reading this far. Please continue to post your experiences below so that other people can benefit. 

Addendum:

Now- after doing some research I do see that the original response I got from abuse@chase.com may have been from their company (albeit not as transparently as makes sense.) But I recommend that you actually get a rep on the phone using the number in the back of your card, which will guarantee that you are speaking with someone authentically from Chase.

UPDATE: June 23, 2015

I just received a second email from "Chase" - here it is with the long headers first:
From: chase_customer_claims@secure-dx.com
To: Erin Cronican
Reply-To: chase_customer_claims@secure-dx.com
Received: from chaseatmweb1.secure-dx.com (unknown [209.235.35.118]) by ismtpd-050 (SG) with ESMTP id 14e22cc884e.10dc.108068 for ; Tue, 23 Jun 2015 23:41:46 +0000 (UTC)

Subject: Chase Customer Claims Secure Document Exchange Password Hint
 
----
The Chase Customer Claims Secure Document Exchange password hint that you provided for the registered User Name erin@erincronican.com is below.
Password hint: 'password is 4Fc4dC7K'.
If this hint has helped you to remember your password, then please login by clicking this link
https://sdx.chase.com/consumerdcx-chase_atm/private/main.jsp?username=phSeJFa%2F%2F9WRKM3ZLLggyEPH7ry%2Bg4gbYPann6g3awA%3D
User Name: erin@erincronican.com 
If you still can't remember your password, then please click this link and you will be emailed a new one. 
https://sdx.chase.com/consumerdcx-chase_atm/guestaccess/ForgotPassword?resolve=reset&j_username=erin%40erincronican.com 
To contact Chase for claim related questions or to withdraw your claim, please call 1-866-564-2262.

I did some research on the phone number they say is for Chase claims, and I found this fascinating legal claim against a company called "Star Cash Processing" - http://www.dbo.ca.gov/ENF/pdf/2010/StarCash_dr.pdf. But I have seen the phone number also listed within the depths of Chase's website, so it's hard to know what's legitimate.

This situation is getting weirder and weirder - I'm just now noticing that the "password" they gave me in the 2012 and the 2015 emails were exactly the same. It makes the comments I got a few days ago that much more disturbing.


UPDATE July 8, 2015

Since mid-June when my card was most recently compromised, I have gotten EIGHT (8) copies of this exact email sent to me, over and over again, telling me to download these fraudulent documents. They are relentless!


UPDATE August 5, 2015

Since my last post I have received no fewer than 20 more copies of a new email, this time telling me that my password has been changed. Funny, though - the "new" password is exactly the same as the old password:

chase_customer_claims@secure-dx.com To: Erin Cronican
Reply-To: chase_customer_claims@secure-dx.com
Chase Customer Claims Secure Document Exchange Temporary Password
Your Chase Customer Claims Secure Document Exchange password for the registered Email ID erin@erincronican.com has been changed to
    4Fc4dC7K
Please login by clicking here and carefully entering your registered Email ID and the password above (note that you will be required to choose a new password upon logging in).
To contact Chase for claim related questions or to withdraw your claim, please call 1-866-564-2262. 

UPDATE November 3, 2015

Since my last post I have received no less than 1 email PER DAY (and sometimes 2-3 within the same hour) with the exact same message as above (offering me a new password to login, though its' the same as every password they have ever sent to me.)

In other news, see below for several more anonymous commenters trying to convince us that this scam is legitimate.


UPDATE November 4, 2015

Wouldn't you know it?! After several years of receiving the exact same email message from this "secure-dx" company, the very next day after battling with a commenter (see below) I receive a brand new message from them, telling me my password has been changed and they're giving me a new one. And it actually IS a new password, not like in the hundreds of messages I've received in the past where my new password is the same as the old one they gave me.

It may be a coincidence that their communications made a sudden change the day after these comment exchanges, but after so many years of the same message over and over, a coincidence doesn't really feel like the right description. It feels like I'm being watched. This seems especially so because of how many anonymous posts are from people swearing the secure-dx is legitimate, but they never answer my specific questions nor reveal who they are. Are they a part of the fraud and they're trying to make sure that my readers view them as safe?

Again, do your due diligence and you should be just fine. After all of this, nothing severe has happened to me. Chase has been great about returning any money that has been stolen and getting a new card issued has been only an inconvenience.

I'd like to hear from you. Please share your experiences in the comments section so everyone can learn from what you've seen & heard!


Have a comment or question? Leave it by clicking below!

Erin Cronican's career as a professional actor and career coach has spanned the last 25 years in New York City, Los Angeles and San Diego. She has appeared in major feature films and on television, and has toured nationally with plays and musicals. She has worked in the advertising & marketing departments of major corporations, film production companies, theater magazines, and non-profit acting organizations. For more information, please visit http://www.erincronican.com.





63 comments:

  1. Very crazy, they seem to be getting better and better at scamming people. Thanks for the info, much appreciated!

    ReplyDelete
    Replies
    1. Good day to all viewer online..Hacker Atm card is right here and get rich immediately and take money directly from any ATM Machine Vault with the use of our ATM Programmed Card which runs in automatic mode.This is an opportunity you all have been waiting for. Get the new programmed ATM BLANK CARD that can hack any ATM MACHINE and withdraw money from any where in the world. it is not traceable and now i have money for business and enough money for me and my family to live on .I am really happy i met Mr Dickson because i met two people before me and they took my money not knowing that they were scams. But am happy now.Mr Dickson sent the card through DHL and i got it in 24hours. Get your own card from Mr Dickson now he is not like other scammer pretending to have the ATM card,Mr Dickson is giving it out for free to help people even if it is illegal but it helps a lot and no one ever gets caught. im grateful to Mr Dickson because he changed my story all of a sudden . The card works in all countries except,his whatsapp number +12048178403 or email him:dicksonblankatmhacker@gmail.com

      Delete
  2. I totally don't have that kind of Spidey Sense. I probably would've just handed over my info. So, good for you. I'm trying to learn from this and be a bit more discerning.

    ReplyDelete
  3. Thanks for the heads up, Erin!! I'm not very good at looking out for these types of things...so thanks again :)

    ReplyDelete
  4. Good for you and your Spidey Sense, Erin! I also had fraudulent charges on my Chase card (WHILE I WAS IN NYC, BTW)totaling $400. Fortunately, though, I did not get the follow-up emails you had to deal with. My policy is never to click on the link in the email itself but to go directly to the site. Luvu! ;)

    ReplyDelete
  5. Thanks, everyone! I'm glad my experiences are helping to shed some light on this growing problem. Freaky!

    ReplyDelete
  6. Erin,
    Thanks for posting this. I hit on your blog off of Google as I was also looking into this. I too received an email response from abuse9@cigpopmail.bankone.net after I had forwarded them a fraudulent e-mail. The response I received had my original message which could only have been included out of three possible ways.
    1. The message I sent to abuse@chase.com was not really going to them and instead to a third party hacker OR
    2. A third party hacker could have intercepted my original message to Chase and was attempting to spear-phish me because of my established rapport with Chase OR
    3. The lesser likely scenario that the hackers were already on my computer so they knew what I was doing (I use outlook), which wouldn’t make sense because they wouldn’t need to spear-phish me with this message from abuse9@cigpopmai.bankone.net since they would already have access to my box.
    So I looked into the message header and this is what I found:
    x-store-info:J++/JTCzmObr++wNraA4Pa4f5Xd6uensxNRGNyaWNydpIKKZWnz6tj0la64JezwGcw+gzvYXdEGSKGVJKWyWZXFJHU2S9bkBLVY3KvLdcqV93nl57b2Nm3fSoazKP3n+Ibyq6t3UFvM=
    Authentication-Results: hotmail.com; sender-id=none (sender IP is 159.53.46.154) header.from=abuse9@cigpopmail.bankone.net; dkim=none header.d=cigpopmail.bankone.net; x-hmca=none
    X-SID-PRA: abuse9@cigpopmail.bankone.net
    X-SID-Result: None
    X-DKIM-Result: None
    X-Message-Status: n:0:n
    X-AUTH-Result: NONE
    X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0w
    X-Message-Info: aKlYzGSc+LntszwVaofz52xuXfq08rl0ObG1pHc5X3MRxH+TJp4ZEQe8N5LUMuYp8dNIoXD673l5RMHhszPUjJpMySXTsZtMvg9iSG/mxAhaQw03/UJmsXNm+CP3QkgSRoiSIjk0IMp5BojjE4p6Hw==
    Received: from jpmchase.com ([159.53.46.154]) by SNT0-MC3-F6.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
    Tue, 3 Jul 2012 02:28:49 -0700
    Received: from ([169.81.40.81])
    by imhvf3.jpmchase.com with ESMTP id 5DDHWG1.495676011;
    Tue, 03 Jul 2012 05:28:46 -0400
    Date: Tue, 3 Jul 2012 05:28:47 -0400 (EDT)
    From: Abuse
    To: Jimmy xxxxxxxxxx@hotmail.com [e-mail address omitted]
    Message-ID: <4609743.112351.1341307727719.JavaMail.respcrm@cig4s445>
    Subject: Re: FW: Chase ACCOUNT ALERT! 2 July 2012 [ID: 530f]
    MIME-Version: 1.0
    Content-Type: multipart/related;
    boundary="----=_Part_112349_906078.1341307727684"
    x-mailer: KANA Response 10.4.2.7.6
    Return-Path: abuse9@cigpopmail.bankone.net
    X-OriginalArrivalTime: 03 Jul 2012 09:28:49.0261 (UTC) FILETIME=[409D71D0:01CD58FE]

    Key things to take away from this are that my mail server (Hotmail) received an email from a mail server with a host name of imhvf3.jpmchase.com (note the domain). I conducted a traceroute and the IP address of this mail server breaks out to 159.53.46.154 (which is consistent with what the message header says the sender IP address is). I then took that IP address and threw it into a who is tool (http://network-tools.com/default.asp?prog=whois&host=159.53.46.154) and found that it was a legitimate domain registered to JPMCHASE.COM . I went to that site and am now convinced that this is a legitimate chase mail server.

    I would suggest for future reference for you all to look at the message header and follow these steps to find out for yourselves if the domain is legit.

    - Jimmy

    ReplyDelete
  7. Whenever I get an email that I suspect is a phishing expedition, I click "forward." That gives me the chance to see where the links lead without actually clicking on them. Then I delete the forward and the original email. So far, so good.

    ReplyDelete
  8. Elaine - I'll have to try that. I've been using the "Message" menu to reveal the long headers, but that sounds so much easier. Thanks!

    ReplyDelete
  9. I did a thorough vetting of those mails and came up with this.

    First, it is not too hard to go to "Display full header"; next, edit to select all. then copy; next clear screen; then Forward, Edit=Paste to apply to the body od the message.

    JP MorganChase has a very interesting Investigations department at the IT Admin group. Spent a while on the phone with them, btw. So send the forward to fraud.prevention.and.investigation@jpmchase.com, and they will do the rest. Hopefully none of you will chip a nail doing it.

    What I sent earlier got the hacked Chase servers cleaned up, but there was a new one by the sods which came to my SPAM tin with a full Spam/pfishing alert tied to it, so they had to move. From the time stamps they seem to be on the East Coast, NYC or even Toronto,CA.

    Btw, I do this for a living now that I'm retired. Yeah, right!!!

    ReplyDelete
  10. Thanks, Harry. When I get emails like this I immediately send them the full headers or forward the entire email, with full headers, to the email address they have on their website. But I didn't have that email address you listed, so it sounds like that's a good place to start.

    Thanks for stoping by and leaving your thoughts!

    ReplyDelete
  11. Holy crap. This EXACT thing is happening to me as we speak. My debt card was used today 2 times in the UK and 1 time in the US. I cancelled my card and obtained a new one ASAP.

    Later in the afternoon I received an email from "Chase" Secure Documents. When I forwarded that on to abuse@chase.com, I received the fake "acknowledgement" emails from Chase. This is soooooo scary!?

    I have changed all passwords. Should I be closing down my email address and obtain a new one? I do not have malware or virus software on my Mac, so I really don't know what's going on.

    Thanks for reading!

    ReplyDelete
  12. It doesn't seem like your email is compromised in any way, so no need to change your email. Just make sure that all of your security conversations with Chase happen by phone via a phone number that is published on their actual website.

    Sorry to hear you're going through this. Hope everything turns out ok!

    ReplyDelete
  13. Thanks so much for posting this Erin! I just got 400 dollars stolen from my bank account by some jerk who got my debit card number and spent my entire account at 5:30 on a friday morning when I was still asleep. Chase texted me and I then spoke on the phone with their customer service about the issue and they put the money back, but just today I got that weird suspicious email and decided to google, because the guy on the phone NEVER mentioned a customer service claims number...so that's what got me thinking. I always right claim numbers down. So I'm going to delete the email and pray nothing else happens to my account.

    Thank so much for posting this is a scary scam.

    ReplyDelete
  14. I got the email from abuse9@cigpopmail.bankone.net with attachments.

    ReplyDelete
  15. I just wanted to say thank you - I just got an email like this one. I actually had filed a claim but a)there really shouldn't be any documents relating to the claim that I filed and b)whatever information that they have for me should be on their own website to update me and c)I don't remember having a telephone conversation with anyone who told me about a website. I clicked the link, but went no further and immediately shut it down.

    It looked so very legit that I would have easily given the information if it weren't for your site. Thank you.

    ReplyDelete
  16. You're very welcome - I'm glad this post could be of service! :)

    ReplyDelete
  17. Hi Erin, the exact same thing just happened to me right now! Thank you for posting this since it helped to quickly confirm that it was a phishing email.

    ReplyDelete
  18. Thank you so much for posting this! I just got that email today. Within a month I had to change my credit card twice and my debit card once.

    ReplyDelete
  19. Thank you! I just go it too. It must be still working for them. :(

    ReplyDelete
  20. I just got this email as well, after cancelling my card earlier this week due to a fraudulent charge. I had the same reaction and immediately googled it. Thanks for posting your experience!

    ReplyDelete
  21. Same thing happened to me but I had issues with my card more than 3 months ago, I found it odd to get an email now and had to google it. Thank you for this blog!! :)

    ReplyDelete
  22. Same thing has happened to me recently this week. Actually Wednesday to be more precise, I got a call in the morning that I did not answer because it was odd when it started with the free toll number 800, so as usual when I get unknown calls, I researched the number and people online said it was Chase fraud. I looked up online to see my activity on my Chase account and noticed a $1 transaction to Cheyney University which was really odd, so I decided to call Chase Customer service to see what they can do to help me. First call I had to hang up because I got a text from Chase Fraud that I paid around $100 for a "dating service" in Luxemborg. Also reported to me on my email address from Chase that they restricted which was explained on my second call. Customer service saved the day and reissued my card number so I won't be getting problems. Still on the look out to see how exactly I was "phished" out, had to change a lot of things and make calls with insurance and such on to let them know about my situation since I couldn't make payments until I get my new card. Then like said on your article, I got another odd email message about sending a Customer Secure Claims Document, I clicked the link and saw the odd page. I didn't add the given password because it was suspicious, what made it more suspicious was the email. Nothing happened so far and I've put up my internet security to be more highly secured with its Fire Walls and others to make sure nothing else happens.

    For anyone who can relate with this article, please call Chase Customer Service with their actual number on the back of your debit/credit card to assist the problem! If you get any weird Chase messages that don't even look like a legit Chase message. Leave it alone, don't even think of giving it a reply or click on the link or follow its ridiculous directions. Follow your logical instincts to keep yourself safe from such situations we've gone through!

    ReplyDelete
  23. Same thing has happened to me just after I went to Chase bank in person. They also give me a call!!!!

    ReplyDelete
  24. The reason the "same thing" is happening to all of you is because it's totally legitimate. EXTREMELY poorly executed by Chase, for sure, but totally legit.

    Your red flags:

    1) Different domains. Unfortunately banks actually do stupid crap like this. It's a TERRIBLE practice. But your objections shouldn't be objections - first, the Secure Document Service email (now a subdomain of the main Chase site) points to a site that IS in fact different than Chase.com. In other words, your login for one service will not affect the login of the other. There's nothing suspicious about that. Your login to GitHub or Facebook or Gmail won't affect your Chase account either. That's not suspicious. That's how it's supposed to work.

    2) You stated: "It seems to me that if a customer is defrauded, a business would go to great lengths..." I challenge your assumption there. Businesses do all kinds of stupid things. One hand doesn't know what the other is doing, etc. etc. Poor communication between a consumer and a large corporation? Join the club, buddy. :-) What a company SHOULD do and what they DO do are sadly not always the same thing.

    3) Having a temporary password assigned, and subsequently having to change it upon your first login is a CORRECT security practice. They're doing the RIGHT thing there. Your objection regarding password re-use isn't the bank's fault. It's the consumer's responsibility. And the fact that they're using different logins for each service is actually a consumer PROTECTION. If their Secure Document Service gets compromised, then it doesn't automatically mean their entire user database has been compromised.

    I work in InfoSec. This is what I do for a living. We investigated one of these this morning, which is what led me to your blog post. I'm not trying to sound like a jerk, but postings like this do a DIS-service to people trying to investigate legitimate fraud. Have a look at your comments, and you'll see that you're leading people astray. Please stop. Our jobs are already hard enough.

    ReplyDelete
    Replies
    1. Considering that I spoke with Chase directly about this and they said this is NOT them, your reply is questionable at best, and another fraud at worst. I have every right to let people know about my experiences after my bank card being stolen AND THEN being contacted by someone pretending to be my bank. I don't know who you are or what your business is all about since you've posted anonymously, but it seems that yours might be a business customers also need to stay away from. Thanks for giving us the heads up.

      Delete
  25. You didn't speak to Chase directly, or at least you didn't say you did. The generic stock email you received does NOT in fact state that it's a fraud, as you claim.

    And no, calling me fraudulent isn't helpful either. Like I said, investigating cases like this is what I do for a living. :-)

    You stated that you have every right to let people know about your experiences. Nobody is disputing what your rights are.

    But then you stated that you were "THEN () contacted by someone pretending to be [your] bank," which isn't true. It'd be more accurate to state that you were contacted by a third-party, and you weren't sure if they were legitimately affiliated with your bank.

    Wolters Kluwerf is in fact a totally legit company. Chase's entire Secure Document Exchange service, which is run by that company, is VERY POORLY EXECUTED. But it's still totally legit.

    BankOne merged with JP Morgan Chase in 2004. The email you received from BankOne WAS FROM CHASE (more specifically, a JP Morgan Chase company). Using old domain names is also a bad practice, but still totally legit. Google uses youtube.com as their authenticator for some services after they bought YouTube. Bad practice, but still legit.

    ReplyDelete
    Replies
    1. I did speak to Chase directly - by phone a few weeks later after getting my card. I did not update the blog because there was no need. Chase told me, point blank, that this was not them and that they would be handling the issue.

      If your company is as legit and powerful as it claims to be, why are you so concerned about one blogger? Maybe you could spend this time working with your company and the banks to make your practices more transparent?

      Delete
  26. Thanks for posting Erin! Same email was sent to me. Called Chase and they told me the email was a fraud and that they keep close records of all communications with customers and that email wasn't in their records. Forwarded the email to abuse@chase.com and they replied as follows:
    Dear JPMorgan Chase Customer,

    Thank you for notifying us of the email you received. Please be aware that this is a valid email sent by Chase.

    If you have any concerns please contact us at the number located on the back of your credit or debit card or at the top of your most recent statement.

    Thank you,
    Chase Internet Security Team

    I took a chance, clicked the link contained in the original email i thought was fraudulent. After logging in and downloading the claims document it looked to contain info only chase would know.

    Long story short, I now believe the email and secure-dx website to be legit, despite their sketchy appearance.

    ReplyDelete
    Replies
    1. PLEASE BE CAREFUL NOT TO SEND THEM ANY PERSONAL INFORMATION. This email was NOT from Chase. I have verified it multiple times via the phone, in the branch and via email. They have your personal information because they have received hacked information about you, and that is how they perpetuate the fraud. PROCEED AT YOUR OWN RISK.

      Delete
  27. Thanks for posting Erin. Just received the same email after having my card compromised around a month ago, then attempted again about a week and a half ago.

    I'm located in NYC as I saw someone else is. Seems to be centered here. They keep trying to use my old card at Macy's, as Chase forgot to shut off my old card after they sent me a new one. I received the email after Chase finally shut off my previous card, so guessing this is their next step to try to get my info.

    ReplyDelete
  28. This just happened to me on Friday and I received the email today. I thought something seemed wrong so I went to Google and found your blog!

    Thank you for posting!

    ReplyDelete
  29. Hi, Erin,

    Unfortunately, your blog post is leading its readers astray. This is in fact a completely legitimate email from Chase. As a previous commenter has said, it is poorly executed, but legitimate.

    I am not denying that you spoke to Chase or that they told you this wasn't a legitimate email. However, whomever you spoke to was misinformed.

    As counter-evidence, I'll direct you and your readers to a blog post from 2009 as well as an ensuing reddit discussion of said blog post.

    I myself received the same email today and after doing some homework logged in. Sure enough, it was Chase telling me a disputed charge from just over a month ago had been resolved.

    http://www.pixelmonkey.org/2009/08/21/chase-insecure

    https://www.reddit.com/r/programming/comments/15yrcz/i_had_the_same_reaction_as_this_guy_after/

    ReplyDelete
  30. So...you're telling me that the multiple people I talked to at Chase, including multiple phone operators, people on their fraud department via email, AND tellers within my local branch are all misinformed? I'm sorry, but NO.

    Since my last update I have received no fewer than 30 identical emails from "Chase" telling me that they have a brand new password for me to get my fraud documents. The password is the same as it has always been (even the same as the one I got when my card was compromised several years ago.) No business that has any staying power makes these kinds of mistakes.

    This leads me to my biggest question, Anonymous - WHY DO YOU CARE? What do you get out of posting anonymously on a personal blog? Why do you do so anonymously? I would think that CHASE would contact me if what I was saying was so detrimental to their business of their customers. But instead I'm getting anonymous posters sending me old blog posts as "proof" that a scam is legitimate.

    You guys can keep posting and posting, and to my readers I'll say every time - DO YOUR DUE DILIGENCE. Don't rely on what you find online to be the correct answer. before filling out any forms or submitting any personal information CALL YOUR BANK. I promise you, it will all work out just fine without following the instructions of the fraudulent email. My card was replaced, the money stolen replaced, and my life is back to normal. Well, normal except for these yahoos taking over my comments section. BE VIGILENT.

    ReplyDelete
  31. I received this same email today, however I haven't had fraud issues with my card in about three months so I was immediately suspicious and Google led me to your blog. I'm glad to know that my I instincts were correct. I will be calling Chase.

    ReplyDelete
  32. I, too, have received a message from Chase/secure-dx.com concerning a claim I'd filed. I followed up on the secure-dx.com site and found it to be legit. It had recent correspondence concerning my claim and its resolution.

    ReplyDelete
    Replies
    1. Unfortunately, that's all a part of the scam. If you followed up on the secure.dx.com site, you have stepped further into the fraud they've created, which is very convincing. Be sure to keep an eye on your new account...

      Delete
  33. Thank you Erin! This helped a lot!!...weird it seems to have affected a lot of us NYers... Still trying to figure out how my card #s were stolen over 3 times now :(
    Seems Anon user is in on the scheme smh.

    ReplyDelete
  34. This comment has been removed by a blog administrator.

    ReplyDelete
  35. Sorry, that was too short.

    "I would think that CHASE would contact me if what I was saying was so detrimental to their business of their customers. But instead I'm getting anonymous posters sending me old blog posts as "proof" that a scam is legitimate."

    Two big problems here:

    1) Nothing personal, but you're not really distributing information that Chase is afraid of. It's incorrect information, but not in a way that hurts them or the customers who take it seriously.
    2) Nobody, as far as I can tell, is trying to "prove" anything - simply offering evidence that many, many people have a) had the same reaction to this (admittedly sketchy-looking) email and b) looked into it and received *a different response from the bank than you*. That's not so much "proving" as "offering a non-trivial amount of counter-evidence".

    What's more likely, that a bunch of people who called got someone who positively asserted that Chase uses "Secure DX" erroneously, and you got the one representative who knew the truth, or that maybe you got a representative who hadn't heard the name of the service before?

    Anyway, you can always call them, like I did, just now. (n.b., I did have to be transferred up the line in order to get someone who was familiar with SDX, so I'm not entirely surprised you came to the conclusion that you did)

    ReplyDelete
    Replies
    1. Look. I don’t know why you and all of the people who support this fraudulent exchange are posting here anonymously. And I don’t know why you are so hellbent on trying to prove that the sdx site is legitimate. Why do you have such an interest in people using those document servers? What could you possibly be getting out of this? Nothing I have said — drawn from my personal experience and deep research — has hurt anyone. I dare you to find any one of my commenters who have not had their funds returned or card replaced because they opted to call the bank rather than click on a suspicious email link.

      I only leave your comments up here so that people can see how crazy the situation has become.

      Bottom line - There is no need to fill out fraud paperwork to have your card and your stolen monies replaced. Customers who have had their card compromised should call their bank using the number on the back of their card to report the fraud, or they should go to their local branch. They will receive all of the information they need via that phone call or personal visit.

      My main goal is to make sure that people like me who have had their cards stolen have complete information before they make a decision about how they would like to go about solving the problem of the theft. Oddly enough, posts like yours only serve to deepen the need for alert and care. So, in a way I thank you for inspiring me and others to be more passionate in their recourse.

      Delete
    2. "Oddly enough, posts like yours only serve to deepen the need for alert and care."

      OK, look: I called the bank. I got the answer I expected, after having read this blog post as well as the others linked above (which I independently arrived at after checking myself). That's the "due diligence" you recommend many times above. When I got confirmation from the Chase representative (again, someone higher up the chain than the first person you get when you call their fraud line) that the service was in fact something they use, I logged in using the credentials they supplied. None of these were my Chase credentials, and as such, could not be used to access my Chase account. I can't stress enough that *this is a stupid way for Chase to operate*, but I'll say more on that later. I was not, at any point, in the email or otherwise, asked to provide *any* information that would allow anyone access to my Chase account, in any way.

      I don't expect to change your mind, because you convinced yourself from the outset that SDX is fraudulent. There was good reason for suspicion! But ultimately you read into the situation what you had already assumed.

      "I dare you to find any one of my commenters who have not had their funds returned or card replaced because they opted to call the bank rather than click on a suspicious email link."

      That's... not really the point. The link doesn't get you access to fraud services, nor does it claim to. Exactly zero (0) people have claimed that you should click the link instead of calling. It would be ludicrous of them to state that, since the link *does not make any promise of filing a fraud claim*. Literally all it is (for me, anyway) is a link to a PDF of a form letter stating that they've started an investigation and (again, in my case) have refunded the fraudulent charge(s). The reason you keep getting these? *It's because you never opened them in the first place*. There's an unread document on a server somewhere, and their automated system is going to keep emailing you until you read it.

      Back to that thing about Chase being stupid: Consider that they have been hacked multiple times. Hell, passwords for the Chase website aren't even case-sensitive! Consider that maybe *leaving Chase* is an all-around more sound option than continuing to bank with them. Assuming you ever use your card for anything, you can't really avoid the risk of someone taking the information. But you can maybe at least look for a bank (as I'm planning to do at this moment) that has something resembling information security standards.

      Delete
    3. Sir or Ma’am - if we’re all in agreement that people should first and foremost call to address the fraud, and you say that all the website offers is a document which you can download as a PDF, why are you compelled to post here? What is the benefit for the customer, and what is the benefit for you in defending it?

      You say that “Literally all it is (for me, anyway) is a link to a PDF of a form letter stating that they’ve started an investigation and (again, in my case) have refunded the fraudulent charge(s)”. If that’s the case - if this service has nothing to do with completing a claim - then why did they say in their original email (the ALL CAPS are mine, to emphasize the point):

      Per our telephone conversation, YOU WILL NEED TO register to our secure website by clicking on the link below or copy and paste the link into your browser’s address bar…You may be offered the option to COMPLETE AND SIGN THE FORM ONLINE if you wish to do so.

      This tells me that whoever sent this email thinks it’s vital for me to go to the website, and they tell me in advance that I may be asked to fill out personal information online.

      Also, they say “per our telephone conversation” which would imply that we discussed the need for accessing the SDX website or downloading documents while on the phone. We did not.

      Regarding your assertion that I’m receiving hundreds of emails from SDX because of an unread document: In my ACTUAL online profile for Chase they have an inbox where I have unread messages on an occasional basis. My notifications are on and I do not get multiple emails a day telling me that I need to read those doucments. Further, the SDX email is always the same - it says that my password has changed and I need to login with the new password (despite the fact that the password is exactly the same as every other password they’ve given me.) They also never mention that I have a pending document, or anything I need to sign, or anything to close out the claim.

      TO SUM UP (or, why I continue entertaining comments like these.)

      THIS IS A VERY SCARY FRAUD THAT IS FAR DEEPER THAN JUST TAKING YOUR DEBIT CARD NUMBER. In my original post, I stated that what normally happens with people when they sign in to a website is they change their password to something they know. It goes against security standards, but that’s what’s common.

      If a person thinks this SDX site is a Chase related website, most people would select a password that is the same as they use for their Chase account. THE THIEVES ARE COUNTING ON IT. I believe THIS is how they perpetrate the deepest fraud. These guys are smart - they know that the first charges will be caught and refunded, and they have found a perfect way to phish for deeper information. It’s brilliant and awful.

      I will respectfully end this debate here. If you’d like to say more, I invite you to create your own blog and write about your experiences there. Your anonymity plus passion for trying to debunk my experiences creates enormous doubt - which, again, is exactly why I’ve left comments like these for all of my readers to see. I believe that you are helping my case rather than harming it. That said, I have other things to do with my time rather than debate this further with someone I don’t know.

      Thank you.

      Delete
    4. I mean, be mad about what you erroneously believe to be a scam all you want. Continue making the mistake of assuming that someone correcting your error is doing so for nefarious purposes. But don't be surprised when people get tired of a constant, unfounded bad-faith approach to life.

      Delete
  36. The exact same thing happened to me. I know for a fact that it was because I used a site called gunbroker.com to buy ammo from. Don't trust them. I've since done my homework and found that several other people online have had similar problems with them.

    They required a onetime fee of $1 to become a member in order to use their services. Immediately after entering my credit card info to pay their fee and secure my purchase, I got message from their website saying my credit card was flagged and that I would need to send them a fax or email with a copy of my drivers license and a utility bill. This was super suspicious so I emailed them to cancel my account, order and to not charge my credit card with anything.

    Long and short of it, they were able to charge my card with the $1 registration fee so, they were able to process my credit card just fine despite their claim that it was flagged. Immediately after that I received a strange charge for almost $400 on my credit card. After calling Chase to report it, right after that is when I received the bogus Chase Customer Claims Secure Document Exchange email. Don't know how these crooks got all of you but I know for sure for me it was gunbroker.com.

    ReplyDelete
  37. I also got a similar email so using the secure email system at Chase I sent an email asking if it was a legit email. They responded and said No and not to use any of the links in the email. They said I could forward it to abuse@chase.com. I did that and got a response that the email is "legit". I then sent that email to Chase using their secure email system and got a response saying that if Abuse@chase.com says it is legit then it is legit. Interestingly this email from their secure server spelled Chase as "Chse". You would think they would have autocorrect for that word. Anyway I have sent back an email through the secure service asking what the claim is about since to my knowledge I have made no claims. I will let you know what I hear.

    ReplyDelete
    Replies
    1. Thank you for posting your experiences - please do let us know what you find!

      Delete
  38. Erin,
    Thank you, thank you, thank you! Unfortunately my debit card information was stolen somehow and was charged $350 two days ago. Thankfully I had set up text message alerts and was notified right away and was able to call and cancel my debit card within minutes of it happening. I checked my email today and noticed I had received two emails concerning the fraud. One from Chase that informed me they were looking into the claim (just as the lady had told me on the phone). And another one an hour earlier from the "Chase Customer Claims Secure Document Exchange" email. My first red flag was the fact that they said it would be on a separate website from Chase. I found it odd because I figured if I had to submit anything online, it would be on the Chase website through my account. And the lady I spoke with on the phone never mentioned anything about submitting documents online. She only asked me if I preferred getting emails or phone calls for the updates. Anyways, I did click on the link but I never entered the password or anything further. My only concern is that the "Customer Document Exchange" email has the same exact claims number I was provided from the second legitimate Chase email. I have no idea how they could've gotten that number. I am really hoping that nothing else was compromised and that I can get my money back, as this is the first time this has happened to me and I called right away after the charges happened. Thank you for informing other on your situation!!

    ReplyDelete
  39. The reason many of us are trying to set you straight is because we have to invest so much time doing "tech support" for our relatives who read alarmist blogs like this and get the wrong information.

    There's enough REAL fraud out there to deal with already.

    ReplyDelete
  40. Called Chase and went into a branch with the email - Both said fraud and to delete immediately.

    ReplyDelete
  41. Same experience here. Called Chase and they said these are all fraud and 'chase bank will never send emails with links'. HOWEVER, sdx or secure-dx is actually legit, which makes it even worse. I saw someone reported this in 2009 - 7 years've passed and nothing changes. Kudos to Chase PR department lol, but I'll definitely move away from Chase bank now.

    ReplyDelete
  42. I deposited a check ( pay to the order of my business name) yesterday through ATM into my personal account. I got secure message from chase that the deposit was not accepted. So I went to a chase branch this morning, where they explained to me that I need to open a business account in order to cash the check. The representative I talked had to call to the HQ to find out when the check will be returned to me. After I left the bank I received the same email from chase_customer_claims@secure-dx.com. I got a little suspicious and just found this article online. I will wait until tomorrow to talk to a chase representative again about this email, since I have appointment to open the business account. Do not be sorry Be careful!

    ReplyDelete
  43. Just received the same email from "Chase"; however, I don't have any fraud on my account, never filed a complaint, and the email was addressed to someone else. They did include MY email address as the "username" though. I immediately searched the phone number/email and came across this blog. Thanks for the info! I was getting a little freaked out.

    ReplyDelete
  44. Got an email just now and google lead me here. FK these guys. Pasting their email below:


    We use an electronic document delivery that allows two-way, secure communication between you and us. This improves our delivery of documents to you or your office. It also allows you to send messages and documents back to us.

    To participate, complete your registration at https://sdxusers.secure-dx.com/dcx-sdx/private/main.jsp?context=3273000&username=dop9N%2F0EmqzF53fMUwq1Ug%3D%3D . You need to enter information about yourself the first time you log in to validate your identity and select a new password. Please use this information to sign in:

    Username :
    Password : 7Nq3wF8R

    Once you registered, you'll be able to retrieve documents immediately. Please contact Chase Mortgage Support Line at 800-308-8020 and press "0" if you need help.



    ReplyDelete
  45. This happened to me too and I agree it is a phishing scam.

    ReplyDelete
  46. Just got the same email, but without any fraud reporting on my end at all.

    ReplyDelete
  47. Crazy... I'm so glad I elected to look up the secure-dx domain online. I recently started a mortgage application process with a certain bank and within days received an email looking very much like one I could be forgiven for thinking came from them, but it didn't feel quite right. I had already been through the mortgage process with them some months back (seller backed out), and I definitely did NOT receive any emails from the bank like this one.

    I'm so glad my generally suspicious nature regarding emails was in full swing and I reported said email to my mortgage lender immediately.

    Thank you for having posted this excellent piece.

    ReplyDelete
  48. here we are in the 5th day of 2017 and I have received this email. thank you for these words so many years ago! Watch out people, this is just so unsettling!

    ReplyDelete
  49. This is an actual email from Chase. I got this email this morning and contacted my bank and they confirm that they send the email about a transaction I disputed 3 months ago. The document is just to let me know that the temporary credit they placed on my account is now permanent and that the case is now considered closed.

    ReplyDelete
    Replies
    1. I'm not sure which email you're referring to, but that is not the subject of the hundreds of emails I have received, to date. Chase does NOT send emails like the ones I described above. They have an internal messaging system that you can see when you login to the bank website online, and that's where notifications go. It's possible that you're talking about some other kind of email, and I can't speak to that.

      Delete
  50. This exact situation is currently happening to me! fraudulent charges yesterday (1/18/17) and now I just got that email (1/19/17) saying I have a claim number and need to log into their website to look at the documents I asked for (I never asked for any).

    ReplyDelete
  51. I received this same email and read your post and I too am convinced this is fake. I saw someone posted to report it to abuse@chase.com & I did that & just received an email back ...
    Hello,

    Thank you for contacting Chase.

    We reviewed the suspicious message or phone call you received. Rest assured, this was valid and came from us.

    In the future, continue to look out for any message or phone call that:

    - Asks you to confirm, verify or give out account numbers, Social Security numbers or other personal information

    - Threatens to close your account if you don't send personal information immediately

    - Says there are unauthorized charges on your account and asks you to enter or confirm your account information

    Visit chase.com/security for more information and advice.

    So do you think this is fraud as well? I am really nervous now.

    ReplyDelete
    Replies
    1. This sounds like a stock email response - it doesn't address your actual concern and also does not even specify if it was an email or phone call you received. I would disregard this email entirely and call them using the number on the back of your card.

      Delete

Thanks for commenting- YOU ROCK!


The Fine Print

All content in this here blog is released under a Creative Commons by-NC-ND license. That means you're free to share it, republish it, refer to it, include it in your wedding vows, whatever... PROVIDED you

a) credit me (with my name, my blog's name, and a link back to my site- displayed at the top of the blog)
b) you don't change anything
c) you don't use it to make money.

To view the license, click here. To learn more about Creative Commons, click here.

Popular Posts


Top Blogs Acting blogs & blog posts Arts Directory for New York, New York
Blog Directory & Search engine Blog Directory My BlogCatalog BlogRank
Follow the erin cronicals