Chase phishing emails: How to spot them

What is a Chase phishing email?

A Chase phishing email is a scam email from cybercriminals claiming to be official Chase Bank employees. Over 80 million people use Chase banking, which gives scammers a wide net of potential targets. Phishing attacks abuse the trust of Chase bank customers to steal sensitive data, including bank account information, Social Security numbers, and credit details.

Data from the Federal Trade Commission showed that in 2023, email replaced phone calls as the number one phishing method, so it’s never been more important to know how to spot Chase Bank fraud emails and other scams.

How can you tell if an email from Chase is real?

Chase often uses email for legitimate messages, and thankfully, it is easy to tell if an email from Chase is real. Consider the following factors:

• Chase will never ask for confidential information via email. Chase may ask for certain sensitive information to verify your identity; however, you will initiate the conversation in those cases. If Chase needs to confirm your identity, it will likely happen on a phone call with Chase’s official customer service channels. Chase Bank employees will never ask for this kind of personal data via email.
• Bank emails do not contain online forms. Just like Chase will never ask you to provide personal data via email, it will never ask you to give sensitive information through an email form.
• Chase emails do not contain grammar or spelling errors. Chase emails are always professionally written and proofread by native speakers, so you may be dealing with a fraudulent email if you encounter typos, grammar mistakes, or strange phrasing.
• Lack of pressure tactics. Cybercriminals often create a false sense of urgency to get you to act without thinking. Chase scam emails may claim you must verify your identity immediately to block fraudulent activity or reactivate a suspended account. If you are ever worried that your account may be compromised, contact Chase directly.
• All Chase Bank links redirect to www.chase.com. Before you click any link in an email, hover your cursor over it to check where the URL is leading. Legitimate Chase links will only redirect to their official website, chase.com. If you see any other URL, do not click! Be on the lookout for URL phishing links that may seem plausible at first glance, like chase_bank.com or chasbank.com.
• Chase emails do not contain malicious attachments. Chase sends you important documents, like bank account statements, through their secure online platform or the mail. Do not download any email attachments.
• Look for personally identifiable information. Chase emails will greet you by name and include details that connect to your relevant accounts, like the last four digits of your credit card or your bank account number.
• Check for contact details. Chase emails always include other points of contact, such as customer service phone number or mailing address. If an email does not include this information, it is likely a scam. If an email does include other contact information, double-check it with a search engine. Chase’s official customer communication phone numbers, mailing addresses, and email addresses are all publicly available online.

How does a Chase phishing email work?

A Chase phishing email works by tricking you into divulging bank information or downloading malware onto your computer.

The phishing scam starts by claiming to be official JPMorgan Chase communication. Cybercriminals often use templates with Chase branding, including logos, fonts, and colors, and they may even take advantage of a technique known as email spoofing. Email spoofing makes the sender appear to come from an @chase.com email address, but if you click on the name, you will see that the email actually originates from another domain.

Once you open the email, the scammers will direct you to take action. They may ask you to email them back with financial information, or they could direct you to a link, online form, or attachment. When you engage with scammers, you put yourself at serious risk.

Cybercriminals use Chase phishing emails to:

• Gain access to passwords for online accounts.
• Get Chase card details, including numbers, security codes, and expiration dates.
• Steal sensitive personal information, like your social security number, home address, birthday, and answers to security questions.
• Encourage you to transfer money to them.
• Download malware (like viruses, spyware, or ransomware) onto your device.

With this information, scammers can target you for identity theft, drain your bank account, or tank your credit score.

The most common Chase phishing email scams

Familiarize yourself with the most common Chase phishing email scams to avoid falling victim to cybercriminals:

• 1. Account verification scams
• 2. Suspicious activity scams
• 3. Account suspension scams
• 4. Document scams
• 5. Zelle scams

An account verification phishing scam is an attempt by cybercriminals to get your bank account details or other personally identifiable information. Victims receive a fake Chase email requesting immediate account verification.

If you click on the provided link, you will be redirected to a fake website that dupes Chase’s login page. Once you attempt to log in, the scammers will have access to your online banking passwords.

Another known variation of the account verification scam claims that Chase has changed its online banking software, so you need to confirm your data to access your account on the new platform.

The provided link seems connected to Chase’s official web domain, but if you hover your cursor over it, you will see that it is sending you to a malicious website.

Suspicious activity scams weaponize your fear of cybercrime to turn you into a victim. This Chase fraud alert scam sends you a notification of suspicious activity on your credit card, debit card, or bank accounts and asks you to immediately confirm whether you made the purchase.

No matter which button you click, you will be taken to a fake website that collects your personal information for “verification purposes.” This phishing attempt may also urge you to protect yourself by transferring funds immediately to a new, “secure” account—which is controlled by the scammers.

If you are unsure whether you have encountered a Chase fraud alert scam or a real notification, log into your Chase account directly through the website or mobile banking app (not the email link). If your credit card details leaked and scammers really do have your card information, the suspicious purchase will show up on your account, and you can report the fraud through Chase’s official channels.

An account suspension phishing scam combines tactics from account verification and suspicious activity scams. In this phishing attack, victims receive a Chase spam email that claims the recipient’s account has been suspended due to unauthorized charges.

If you follow the provided link, you will be sent to a malicious website that asks you for sensitive information, including your home address, Social Security number, bank account numbers, and passwords.

Document scams claim to be sending important banking documents, such as a credit card or bank account statement, via email attachments. In reality, those attachments contain malware, and once you download them, your computer will be infected.

Chase uses Zelle, a payment app, to allow its customers to easily send money to friends and family. However, scammers utilize the Zelle feature as another avenue for scams.

In this Chase phishing email, you will receive a notification that your Zelle information was deleted or changed and you need to act quickly to secure your account. If you take the bait, the email will redirect you to a malicious website that claims to be related to Chase or Zelle, but it is a ploy to steal your personal information.

Until recently, Chase users knew the Zelle feature as Chase QuickPay with Zelle, so if you receive an email that references QuickPay, you know you are dealing with a scam.

What should you do if you click on a link in a Chase phishing email?

Act quickly if you click on a link in a Chase phishing email. Time is of the essence because you may have unwittingly given cybercriminals access to your personal information. Follow these steps for what to do if you click on a phishing link:

1. Call Chase’s fraud department immediately. They will freeze your relevant accounts, start a formal investigation, and advise you on the next steps. Call 1-800-955-9060 for credit card fraud, 1-800-978-8664 for debit card fraud, and 1-800-935-9935 for checking and savings account fraud.
2. Flag the email as spam and delete it.
3. Scan your device for malware. If you find any, quarantine and delete it.
4. Change your banking passwords, as they may have been compromised. Select a new, hard-to-guess password for every account. If you used your banking password or any close variations for another account, change that password.
5. Monitor your Chase accounts for unusual activity. If you see an unauthorized charge or wire transfer, immediately contact Chase.
6. Run a credit report to make sure no one has opened new accounts or taken out loans in your name.
7. If you think you have fallen victim to identity theft, file a report with the Federal Trade Commission.

How to report Chase phishing emails

Even if you don’t engage with suspicious links, attachments, or forms, it is still critical to report Chase phishing emails. Reporting phishing emails to Chase Bank allows their representatives to fully investigate the scam and protect other users. To report Chase phishing:

1. Act immediately and forward the suspicious email to phishing@chase.com.
2. Report Chase phishing to the Federal Trade Commission at ReportFraud.ftc.gov.
3. Mark the email as spam and delete it.

How to protect yourself from Chase phishing emails

While phishing attacks can be scary, if you cultivate some Internet security best practices, you can protect yourself from Chase email scams.

• Use the SLAM method: Whenever you encounter a strange email, remember the SLAM method:
  • S – Sender. Verify the sender.
  • L – Links. Never click any links.
  • A – Attachments. Don’t download any attachments.
  • M – Message. Check the message for evidence of phishing, like typos and pressure tactics.
• Search online: Many users and organizations post Chase phishing scams to the internet once uncovered. Type a suspicious email’s first sentence or two into a search engine to see if you are dealing with a known scam.
• Log into Chase directly: Instead of clicking email links, always log into your Chase online account via their website or mobile banking app.
• Choose strong passwords: Pick unique, hard-to-guess passwords for every account and change them regularly. Try to use a combination of upper- and lowercase letters, numbers, and symbols.
• Enable two-factor authentication: Two-factor authentication (2FA) is a cybersecurity technique that requires additional login information, such as a one-time login code sent via text. When you have 2FA enabled, cybercriminals won’t be able to gain access to your account, even if your password is compromised during a data breach.
• Use anti-phishing software: Anti-phishing software can help protect you from malicious websites, malware, and hackers using public Wi-Fi. For example, NordVPN’s Threat Protection Pro blocks known phishing attempts so that you can browse safely.
• Never share your passwords: Chase representatives will never ask for passwords, PINs, or login codes for online accounts. If someone is trying to get your login information, they are almost certainly a bad actor.

With a little common sense and cybersecurity know-how, you can stay safe and avoid Chase phishing scams.