Massive Phish Reported at JPMorgan Chase
Sunnyvale, Calif.-based security company Proofpoint reported the discovery of a massive phishing exploit aimed at customers of JPMorgan Chase and a few other money center banks.
In an interview with CU Times, Proofpoint Vice President Kevin Epstein declined to name the other institutions, but indicated they were top 10 banks.
Especially interesting about this phish was that it departed from the recent trend where phishes – emails that aim to con the gullible into surrendering their financial login credentials to a criminal masquerading as a financial institution – had become more polished and well crafted, in part to better foil security screens that had been erected by email gateways.
“This is an old fashioned smash and grab,” said Epstein, who added that anyone who clicked on the link in the email, which purported to be an official communication from a major bank, was subjected to a barrage of malware intended to corrupt Java, Flash and to install malware named Dyre, a banking Trojan that seeks to steal banking credentials.
Epstein elaborated that the criminals behind this phish “knew it would be detected quickly, so they sent out high volumes of email.”
Epstein said victims clicked on the emails’ links “because we saw multiple waves.” And, he explained, criminals generally persist with a campaign only when they see results.
“They threw the kitchen sink at anyone who clicked on the link,” Epstein said, pointing to the wide range of attacks aimed at victims. He added that anyone who clicked, even if they immediately clicked away, probably got contaminated.
“It happened that fast,” he said.
Due to the wide range of attacks, Epstein said just about every device might suffer contamination.
Epstein stressed that this phishing campaign seemed unrelated to the breaking news that JPMorgan Chase had suffered a massive data breach involving the theft of many financial records.
Does this “smash and grab” indicate yet another shift in phishing trends? Experts simply do not know.
“This is an active battle,” said Epstein, who added that criminals continually change tactics and thus so do financial institutions.