Fake Chase emails worry state Labor Department
Jobless benefits recipients could get hurt by phishing scam
Normally, a phishing fraud involving a bank doesn't present too much concern these days, but when it involves one of the state Labor Department's key contractors, J.P. Morgan Chase, it creates some worry.
On Monday, the department issued a warning to unemployment insurance benefits recipients to be wary of emails claiming to be from Chase Bank that asked for account and private information.
This is apparently a phishing scheme, in which someone sends an email with logos and links to web pages that mimic a legitimate business for fraudulent purposes. The scams have been around for years.
Department spokeswoman Nancy Steffens said the Labor Department thought it prudent to post a warning after two recipients had expressed concern about the emails.
Chase is not only a major bank in the region, but a major vendor for the state. Since February of 2011, Chase has managed the distribution of payment to the jobless in the state, providing debit cards to those who do not opt for direct deposit and processing the payment to those who do have direct deposit.
"We don't have any indication accounts have been compromised," Steffens said.
The people behind the emails appear to be spamming the region with two very general requests asking for information as part of an upgrade or a need to confirm a client's identity.
"Chase is trying to determine who the specific sender is," Steffens said, confirming the department has discussed the problem with the bank.
She said there is no indication the spammers have a specific email list from Chase or the department.
Calls to Chase were not immediately returned Monday. But this is not the first time it has had someone hijack its name. And it's not the only institution to which this has happened.
Last December, the U.S. Attorney for the District of Connecticut announced a grand jury had indicted 14 Romanian citizens for a similar scheme that used the names of several banks over a period of years, including People's Bank, Chase, Comerica Bank, Regions Bank, U.S. Bank, Wells Fargo and PayPal. That ring was apparently selling the information it gleaned.
Generally, banks do not email people requests for this kind of information. If there is any doubt, people should not click a link in suspect email but instead call their bank to report the correspondence.
The department also advises people who believe their accounts might have been compromised to call Chase at 800-432-3117, or email email@example.com. You will have to provide your account number so the bank can monitor it or take proper action.