One of these two sites is by phishing scumbags. The other is authentic. Except for the background images, they appear identical. What's the real difference that, if you don't realize, will result in your account being emptied and your sensitive info stolen? Maybe the tech folks will know instantly, but I'm pretty sure naive folks fall for this all the time. Btw, I'm neither tech guy nor naive.

One has the Chase logo, but that can easily be duplicated too.
The copyright date on one is out of date. I say it's the suspect one...

I've only been using a password manager since Jan 2021. I can't recommend it enough for anyone wanting password security.

One of the benefits of using a password manager such as the one I use, 1Password, is that when you use it on a fake site, it knows enough that it isn't the right website to which you married the login information (username and password) to.

Just based on the picture, assuming both pages are current and someone snagged those pics recently, the things that look suspicious is the 2021 copyright date on the bottom of the first and the fact password is the only thing bolded in the same picture. That’s odd that’s it’s not uniform and I don’t see the cursor in that field making it “active” and possibly bolded because of that. As a professional software QA person I would have filed a defect on that the first time I saw it. But neither guarantee anything if it’s an older pic and the cursor is blinking and the pic was taken in the millisecond it’s not visible.

With phishing much of the work is in the routing to get the customer there. Making users aware of links in email, texts or messaging and how they are delivered is important. The look of the site is easy to replicate, most of that is copy and pasted. I”d more want to see the address bar and what the site address look like than the the actual page. A lot of times that is a better indicator. They make it tough for non tech inclined people.

I remind my family all the time, never open the link sent suspiciously. You get a text, email, message from your cc company asking you log in to check something on your account like mysterious charges, etc and they give you a “convenient link” to take you there, just close the the message, go to your known good saved link and log in or just call them (again on a known good number, not one in the same questionable message) to verify everything is normal.

EDIT: I just saw Rey’s post above mine and can’t recommend 1password enough. I’ve been using it for almost 15 years.

The CHASE logo is actually also in the 2nd image and is identical to the one in the top image. I just happened to miss it when taking the screenshot.

So, what happened was, I received a "Chase Frauds" text message yesterday saying my "account is locked. Did you attempt a $203.25 withdrawal on 10/20 with your card? If NOT, visit https://secureblahblahblah/chase." But, I already spotted the bullshit. First Chase's text always comes by a code, not some full private phone number. Second, the "NOT". That ain't legit. Third, my account wasn't locked; still was able to use it. Obviously, I didn't click on and follow anything. But, to see how these assholes scam folks, I typed out their web address, and that 2nd image above popped up. If you're suckered in to enter your username and password there, they got you. But, how is that scam website different from the legit one? You cannot click on any of the "tabs" there. They are all fake/dead. On the legit one, they're all live.

mine, after clicking my own chase link: 2021 copyright date is legit.



fwiw:
i receive many questionable chase email links that want to confirm account info.

i can see what's bogus in the from email address!!

quote:

Originally posted by 12131:
Maybe the tech folks will know instantly, but I'm pretty sure naive folks fall for this all the time.

My father was neither naive to phishing nor to technology, but he somehow got taken. The bastards got his secret question answers, and then phoned the institution to request a balance then a check to empty it. Since they knew all the answers, the bank sent the check.

The voice was recorded by the bank, and the address the check was sent to is a physical business in California.

But the police didn't care. Nobody wanted to touch it.

^^^And NOBODY Cared...Surprise, surprise!

I use Ye Olde "Keepass" password manager.
I open that and click the saved link to connect. Never, ever, click links in an email when it involves sensitive info.

And when in doubt, call the number on the back of your CC. I've done that when they called and asked if I had charged something I didn't. "No I did not. Shut it down and I'll call you back w/ the number on the back of my card before we go any further.

I fell victim to it once. They got my old World of Warcraft info and if they paid the $ to reopen it, they were sorely disappointed in how much gold coin was in the account for their $.

 
One of the reasons I "View Source" on suspect emails. Then you can see in plain text the URL in the link.

A while back I received a rash of e-mails to my PC purporting to be from various banks - including Chase, with which I do have a credit card - saying "your account is locked" or similar. The banks with which I don't have, formerly had or never did have accounts with, I could eliminate right away. The "Chase" ones had spelling errors and the e-mail source was obviously not from Chase. But I can see how one less wary than myself might get trapped. I forwarded all those to phishing@chase.com.

The one you got to by going through an emailed link is the bad one.

Banking online always starts with a fresh browser opening and a direct typed URL for me.

quote:

Originally posted by henryaz:
 
One of the reasons I "View Source" on suspect emails. Then you can see in plain text the URL in the link.

I do this with each and every one of the "business" emails I receive before I click on anything.

quote:

Originally posted by mjlennon:
One has the Chase logo, but that can easily be duplicated too.
The copyright date on one is out of date. I say it's the suspect one...

Years ago when I started designing and programming Situation Rooms for various agencies and companies, I decided it would be slick to put a logo on their start page on the touch panel.

The first one I did, around 1994, was Wells Fargo. When the Wells Fargo heavy hitters saw the logo, they came unglued. I guess back in those days they had no idea how easy it was to replicate a logo. Believe me, it's trivial. Takes less than a minute to do.

A few weeks ago I got a slate of phone calls from First National Bank of Omaha. They had my card #, name, and did the whole "We saw fraudulent activity" spiel. They even called me back from the 800 number on the back of the card (spoofed, of course). They were phishing for the expiration date and CCV.

The last call they made, I managed to keep them on the line for about 5 minutes or so with typical BS - can you repeat that, what card, etc. The final straw was when I started talking about the last time I needed a Visa was when I tried to visit Turkey. They hung up, no calls since.

I automatically assume any and all email is suspect and dangerous, I NEVER click on any link from an email or a text message.

To go to a website of which I often use, I use the saved links tab of my browser, click on one of those, and go with that.

I'm wondering now, I have always assumed those were safe, but if you get a virus or malware or whatever, could they get into that and replace the legit saved links with their scammy spammy links?

I guess I could always just go to a fresh browser window and type in the desired link to go to. After I am done with a webpage I close X it out right away.

Sometimes I use Google to look up whatever site I want to go to and click on that, as far as I know Google should be pretty darn safe.

I'm not an expert on computer stuff, thanks for letting me ask what may be a stupid question.
.