Oh Look, An Email About My Credit Card!

Would you have fallen for this phishing scam?

Let’s play “how to identify a phishing email” together:

  1. CHASE ! (Seriously, you can’t just go around using David Malki !’s honorific. You have to earn that.)
  2. I do not currently have a credit card with Chase.
  3. Despite this, I am referred to as “Chase Customer.”
  4. That link? It goes to a DocX stored on Google Drive. I did not click the link, but you can tell it goes to a Google Drive file either by mousing over the link or by noticing the DocX attached to the bottom of the email.
  5. Real banks do not send you to Word docs.
  6. Real banks also don’t use “inbox.ru.” In case you’re curious, this implies that CHASE ! is operating out of Russia.
  7. It’s a little hard to tell, and keep in mind that I did not click the link to confirm, but it looks like that DocX asks you to click another link. Why not cut out the DocX middleman? Not that I want to teach CHASE ! how to be a better phishing scammer, but come on. Don’t use two clicks when you can just use one. This is, like, entry-level online marketing.
  8. The email was not, in the strictest of terms, sent to me:

I wonder who really owns “you@gmail.com.” That seems like it would be a really valuable email address.

Anyway, I reported the email both as spam and as scam:

Would you have fallen for an email like this? If you’ve got your own tricks to identify phishing emails, or a checklist you run through to make sure “please change your password” or “please log in” emails are legit, let us know.