JPMorgan Chase & Co customers are being targeted in a e-mail “phishing” campaign which is uncommon since it tries to obtain credentials for the bank as well as infect PCs using malware that steals passwords from other sites.
The campaign, dubbed “Smash and Grab,” was introduced on Tuesday using a widely distributed email that prompted users to click to see a secure message from JPMorgan, as outlined by security researchers with corporate email supplier Proofpoint Inc.
“It looks like they sent it out to lots of people in hopes that some of them might be JPMorgan Chase customers,” said bank spokeswoman Trish Wexler.
She explained the bank feels the majority of the spam was halted by filters at large Web providers, adding how the email appeared authentic because the attackers used a screen shot from a genuine email provided by the bank.
Users who click the malicious link are instructed to enter credentials for accessing accounts with JPMorgan. Even when they didn’t comply, the site tries to quickly install the Dyre banking Trojan on their PCs, according to Proofpoint.
Proofpoint observed about 150,000 emails from the group last Tuesday, the first day it noticed the campaign among its customers in the Fortune 500 and higher education.
This makes it a reasonably significant campaign, but the major efforts involve sending more than 1 million pieces of spam in a couple of days to Proofpoint clients. The firm manages over 100 million email accounts.