Proofpoint: Email phishing campaign targeting JPMorgan customers

Security researchers with corporate e-mail provider Proofpoint Inc have revealed that an unusual email 'phishing' campaign was launched by fraudsters on Tuesday, to target the customers of JPMorgan Chase & Co. --- the top- ranking US bank in terms of assets.

The phishing campaign - dubbed 'Smash and Grab' - is unusual because it apparently aims at collecting credentials for JPMorgan Chase bank, along with infecting computers with a virus to steal passwords from other institutions.

According to the Proofpoint security researchers, the 'Smash and Grab' campaign has been launched by fraudsters via a widely distributed e-mail which essentially requests recipients to click a malicious link for viewing a supposedly secure message from JPMorgan.

Noting that JPMorgan customers who click on the malicious link are asked to enter credentials for accessing accounts with the bank, Proofpoint researchers said that even if the customers do not comply, the site attempts to automatically install the Dyre banking Trojan on their computers.

JPMorgan has confirmed that its customers are being targeted by a phishing campaign. The bank's spokeswoman Trish Wexler said: "It looks like they (fraudsters) sent it (email) out to lots of people in hopes that some of them might be JPMorgan Chase customers, because there are a lot of them. We are seeing this as a very small incident."

United States