From jlscr2 at yahoo.com Tue Mar 7 09:04:24 2017
From: jlscr2 at yahoo.com (Chase AcctSec. Team chasesecurity-team_noreplies@chse.com)
Date: Tue, 7 Mar 2017 23:04:24 +0900
Subject: [EIDXA] Account Suspension
Message-ID: <201703071404.v27E4OW9011450@www.cep.co.jp>

Hi,

Due to a recent compromise of our servers by some chinese hackers, It has been mandated that we carry out an integrity check to isolate and disable all suspicious accounts.

For now we have already placed a red flag on several accounts thereby preventing them from carrying out any financial transactions whatsoever.

To ensure that your account was not compromised, you are required to ascertain your identity, failure to do this within 24 hours will lead to account service suspension.

Login and Ascertain Your Identity

Thanks for your anticipated co-operation and understanding.

The Accounts Team,
For Chase Online

From radioham at mchsi.com Tue Mar 7 14:34:13 2017
From: radioham at mchsi.com (David Christ)
Date: Tue, 7 Mar 2017 13:34:13 -0600
Subject: [EIDXA] account suspension scam
Message-ID: <32B6D9BB-E071-42B9-9811-B21517ACCAB3@mchsi.com>

I have had this scam come through on several mailman lists. See Mike's comment below.

David K0LUM

RUN, don't walk the other way. Look at the address - pretty wonky and then it says something about CHASE Bank.

Looks like someone hacked ALL the mailman.qth.net mailing lists.

Mike / W8DN

From Jason at nr0x.org Tue Mar 7 19:29:29 2017
From: Jason at nr0x.org (Jason Joens NR0X)
Date: Tue, 7 Mar 2017 18:29:29 -0600
Subject: [EIDXA] Fake Email
Message-ID: <021e01d297a3$0d813280$28839780$@nr0x.org>

Hi guys,

This kind of scam is pretty common. The email is pretending to be from Chase, but if you look at the header, you can see it's from Chase AcctSec. Team chasesecurity-team_noreplies at chse.com which you can tell is bogus because your Chase credit card company wouldn't be smart enough not to misspell their domain name.

If you click on the link, you can see a rather nice copy of a Chase website, which is asking for login credentials. Go ahead and make up something fake to put in there and it will bring you to a screen asking for credit card info. Try clicking some random links on the page and you will find that none of them work, instead telling you that you have to verify your identity first.

Another clue is that the site forwards you to http://45.64.1.59, which I trace to Jakarta, Indonesia. I found a nameserver and did a whois search on it. Here are the results.

In short, don't believe everything you read. They love trying to sound official and scare you into giving your info away.

Jason NR0X

Domain Name: MAINTENIS.COM
Registry Domain ID: 1944449125_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2015-07-03T18:25:38.00Z
Creation Date: 2015-07-04T01:25:19.00Z
Registrar Registration Expiration Date: 2020-07-04T01:25:19.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Domain Status: ok https://www.icann.org/epp#ok
Registry Registrant ID:
Registrant Name: DOMAIN ADMINISTRATOR
Registrant Organization: PT. MASTER WEB NETWORK
Registrant Street: CYBER BUILDING 9TH FLOOR
Registrant Street: JL. KUNINGAN BARAT NO.8
Registrant City: JAKARTA
Registrant State/Province: ID
Registrant Postal Code: 12710
Registrant Country: ID
Registrant Phone: +62.5269312
Registrant Phone Ext:
Registrant Fax: +62.5269311
Registrant Fax Ext:
Registrant Email: HOSTMASTER at MASTERWEBNET.COM
Registry Admin ID:
Admin Name: DOMAIN ADMINISTRATOR
Admin Organization: PT. MASTER WEB NETWORK
Admin Street: CYBER BUILDING 9TH FLOOR
Admin Street: JL. KUNINGAN BARAT NO.8
Admin City: JAKARTA
Admin State/Province: ID
Admin Postal Code: 12710
Admin Country: ID
Admin Phone: +62.5269312
Admin Phone Ext:
Admin Fax: +62.5269311
Admin Fax Ext:
Admin Email: HOSTMASTER at MASTERWEBNET.COM
Registry Tech ID:
Tech Name: DOMAIN ADMINISTRATOR
Tech Organization: PT. MASTER WEB NETWORK
Tech Street: CYBER BUILDING 9TH FLOOR
Tech Street: JL. KUNINGAN BARAT NO.8
Tech City: JAKARTA
Tech State/Province: ID
Tech Postal Code: 12710
Tech Country: ID
Tech Phone: +62.5269312
Tech Phone Ext:
Tech Fax: +62.5269311
Tech Fax Ext:
Tech Email: HOSTMASTER at MASTERWEBNET.COM
Name Server: DNS1.MASTERWEBNET.COM
Name Server: DNS2.MASTERWEB.NET
Name Server: DNS3.MASTERWEB.COM
Name Server: DNS4.MASTERWEBNET.COM
DNSSEC: unSigned
Registrar Abuse Contact Email: abuse at enom.com
Registrar Abuse Contact Phone: +1.4252982646
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2015-07-03T18:25:38.00Z <<<

-----Original Message-----
From: EIDXA [mailto:eidxa-bounces at mailman.qth.net] On Behalf Of Chase AcctSec. Team chasesecurity-team_noreplies--- via EIDXA
Sent: Tuesday, March 7, 2017 8:04 AM
To: eidxa at mailman.qth.net
Cc: Chase AcctSec. Team chasesecurity-team_noreplies at chse.com
Subject: [EIDXA] Account Suspension
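
An added example, not part of the thread: the header clues discussed above (a display name that shows one address while the mail comes from another, and a domain one letter off from the real one), written as checks over the first message's headers. The sample is constructed by rebuilding the archive header in RFC 5322 form; the brand list, the edit-distance threshold of 2 and all function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the first message's archive header rebuilt in RFC 5322 form.
SAMPLE = (
    'From: "Chase AcctSec. Team chasesecurity-team_noreplies@chse.com" <jlscr2@yahoo.com>\n'
    "Subject: [EIDXA] Account Suspension\n"
    "Message-ID: <201703071404.v27E4OW9011450@www.cep.co.jp>\n"
    "\nHi, ...\n"
)

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()

def analyze(raw, brands=("chase.com",)):  # brand list is an assumption
    """Return a list of findings for one message's headers."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    sender = domain_of(addr)
    findings = []
    # An address embedded in the display name that differs from the real sender.
    for shown in re.findall(r"[\w.+-]+@[\w.-]+\.\w+", name):
        shown_dom = domain_of(shown)
        if shown_dom != sender:
            findings.append(f"display name shows {shown_dom}, sender is {sender}")
        for brand in brands:
            if shown_dom != brand and edit_distance(shown_dom, brand) <= 2:
                findings.append(f"{shown_dom} is a lookalike of {brand}")
    # A brand named in the display name while the mail comes from elsewhere.
    for brand in brands:
        label = brand.split(".")[0]
        if label in name.lower() and not (sender == brand or sender.endswith("." + brand)):
            findings.append(f"display name mentions {label}, sender domain is {sender}")
    # Weak signal on its own: relays and list software also cause mismatches.
    mid = domain_of(msg.get("Message-ID", ""))
    if mid and mid != sender and not mid.endswith("." + sender):
        findings.append(f"Message-ID host {mid} does not match sender {sender}")
    return findings
```

Calling `analyze(SAMPLE)` returns four findings for this message; a message whose display name, sender address and Message-ID host all sit under the brand's own domain returns an empty list.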