Chase Bank “Your Email Has Been Changed Successfully” Scam Explained

Written by: Thomas Orsolya

Published on:

Phishing scams are on the rise, with criminals sending out fake emails pretending to be from legitimate companies in order to steal personal information. One common phishing scam targets Chase Bank customers, sending an email with the subject “Your Email Has Been Changed Successfully” and claiming the recipient’s email address associated with their Chase account has been updated.

This sophisticated scam is designed to panic recipients into taking action by making them think their account is at risk. If the recipient clicks on the link, they are taken to a fake Chase website which tricks them into entering their login credentials, account numbers, or other sensitive information. The criminals can then use this information to steal money or identities.

This article will provide an in-depth look at how this Chase phishing scam works, how to identify it, and what steps you should take if you receive this email or have fallen victim to the scam.

scam 1 2

Overview of the Chase “Your Email Has Been Changed” Scam

The Chase phishing email with the subject “Your Email Has Been Changed Successfully” has been reported by many recipients over the past few years. The scam message is designed to appear like an official alert from Chase Bank, using trademarked terms like “Chase Mobile” and “Chase Member” in the body of the email.

Here are some key details on how the scam works:

  • The sender email address is spoofed to appear like an official Chase email, but shows variations like “chase@notification.chasse.com” which is not legitimate.
  • The email claims the recipient’s email address has been changed and provides a fake “verification” link to restore their account.
  • The link leads to a convincing but fake Chase login page that steals login credentials if entered.
  • The site asks for personal info like account numbers, social security number, etc. to “verify identity”.
  • The scam capitalizes on fear by threatening account suspension if the victim does not act quickly.
  • Official-looking disclaimers and trademark info are used to add legitimacy.

Here is how the scam email might look:

Subject: Your Email Has Been Changed Successfully
From: Chase Bank

Chase Bank Review Sign In
Date
…****

Your Information Has Been Updated.
Chase Mobile: Bank & Invest on the App …

Dear Chase Member,

As requested, we’ve changed your email address from xxxxx@xxxxxxx to r******************e@outlook.com.

Your security is important to us. If this change was unauthorized or incorrect, please use the link below to recover your account immediately. (A one-time verification of your account maybe required)

Complete A One-time Verification Process

Thank you for your Membership

Chase Mobile®: Bank & Invest on the App …
Chase Security Team

Was this alert helpful?

Absolutely
Sure
Neutral
Not Really
Nope

Important Information from Chase Security Team

Contact Us | Privacy | Help Prevent Fraud

To ensure delivery, add chase@notification.chase.com to your address book.

This email was sent to xxxxx@xxxxxxx and contains information directly related to your account with us, other services to which you have subscribed, and/or any application you may have submitted.

Unsubscribe with one click if you no longer want to receive this account alert.

The site may be unavailable during normal maintenance or due to unforeseen circumstances.

Chase does not provide, endorse or guarantee any third-party product, service, information or recommendation listed above. The third parties listed are not affiliated with chase and are solely responsible for their products and services. All trademarks are the property of their respective owners.

This scam is dangerous because it creates a sense of urgency and concern that the victim’s account is compromised. Many unsuspecting recipients, especially older adults, can be tricked into clicking links and providing information.

How the Chase “Your Email Has Been Changed” Scam Works

Here is a step-by-step breakdown of how the phishing scam unfolds:

Step 1: The Recipient Receives the Fraudulent Email

The scam email is sent out to thousands of email addresses at once, expecting only a small percentage to be Chase Bank customers. For those who do bank with Chase, the email subject line “Your Email Has Been Changed Successfully” is meant to create instant concern that their account email has been switched without consent.

Step 2: The Email Redirects the Recipient to a Fake Chase Website

If the recipient clicks the “Complete A One-time Verification Process” link in the email, they are taken to a fake Chase website. This site is designed to look exactly like the real Chase login page, including branding, colors, fonts, and layout. The URL will appear legitimate at first glance.

Step 3: The Fake Site Asks the Victim to Enter Their Chase Login Details

The fake Chase site presents a login form asking the victim to enter their username and password to “verify their identity” and unlock their account. If they comply, they have now handed over their actual Chase credentials directly to the scammers behind the fake site.

Step 4: The Scammers Use the Login Info to Access the Real Chase Account

With the victim’s actual Chase username and password, the criminals can now access and take over their real Chase account. They can withdraw funds, steal personal data, remove money, apply for cards/loans, and more.

Step 5: The Fake Site Requests More Personal Info to “Further Verify” Identity

After capturing the login credentials, the fake Chase site serves up additional forms claiming more info is needed to confirm identity, unlock the account, and reverse the invalid email change. The scam site requests sensitive info like Social Security number, account numbers, online banking passwords, security question answers, and more.

Step 6: The Criminals Use All Captured Data for Financial Fraud

Armed with login credentials, account info, SSNs, security answers, and other intel captured through the scam site, the criminals have everything they need to drain accounts, open fraudulent cards, steal identities, and commit other financial fraud against the victims.

Warning Signs of the Chase “Email Changed” Scam

While this phishing scam is sophisticated, there are a few key signs that reveal it is fraudulent:

  • Generic greeting like “Dear Chase Member” instead of your name.
  • Senders address contains typos, extra words, or varies from official emails.
  • URL redirect link is misspelled, contains extra words, or letters substituted for numbers.
  • Email requests sensitive data Chase would never ask for by email.
  • Language creates strong sense of urgency to act immediately.
  • Threatens account suspension or other consequences for not acting quickly.
  • Poor grammar, spelling errors, or other typos.
  • Disjointed text, inconsistent formatting, or suspicious disclaimers.
  • Requests disabling security protections or downloading remote access software.

If you see these red flags, do not click any links, open attachments, or respond. The email is unsafe and designed to steal information.

What to Do If You Get the Chase Phishing Email

If this suspicious email arrives in your inbox appearing to be from Chase Bank, take the following recommended steps:

  • Do not click on any links or download attachments from the email.
  • Forward the scam email to Chase Bank at phishing@chase.com and delete it.
  • If you clicked the link, call Chase immediately to check your account status and report the phishing attack.
  • Run a virus scan on your device in case clicking the link downloaded malware.
  • Change your Chase password and online banking PIN through the real Chase website or Chase mobile app.
  • Set up two-factor authentication if not already enabled.
  • Monitor your Chase account closely over the next weeks for any fraudulent activity.
  • File a report with the FBI’s Internet Crime Complaint Center.

Being proactive helps minimize damage from the scam. But if you entered information into the fake site, take steps to protect your identity.

What to Do if You Entered Your Information on the Fake Site

If you entered any sensitive personal, financial, or login information on the fraudulent Chase site, take these steps immediately:

  • Call Chase’s 24/7 fraud team at 1-888-624-4128 to report it. Alert them that you were scammed into providing account details or other info. They can take action to lock down your account.
  • Change your Chase password, security questions, and online banking PIN again if entered on the fake site. Do this through the real Chase app or website when you have confirmed your account is safe.
  • Review all Chase accounts frequently for signs of fraudulent charges or activity. Report any suspicious transactions.
  • Consider placing a freeze on your credit file with Equifax, Experian and TransUnion to avoid identity theft.
  • Monitor your credit reports regularly for any accounts opened fraudulently in your name. Quickly report any unauthorized or suspicious credit activity.
  • File an identity theft report with the FTC at IdentityTheft.gov and provide a copy to the credit bureaus and Chase Bank.
  • Contact Social Security Administration if your SSN was compromised. Request new card with updated number.
  • Update logins and security for any other sensitive accounts, especially financial or government services, if passwords were reused or exposed.

Beware of Follow Up Phishing Scams

Criminals often follow up successful phishing scams with more attacks targeting the same victims. Watch out for additional emails or phone calls claiming to be Chase:

  • Scam emails requesting you to “verify account changes”.
  • Calls claiming your account or debit card has been compromised.
  • Messages alerting you failed logins were detected on your account.
  • Offers to help get your money back or investigate the scam.

All of these are further phishing attempts to collect more personal details. Remember Chase will never handle important account communications over email. Hang up on suspicious calls and forward scam emails to phishing@chase.com before deleting.

 

Frequently Asked Questions about the Chase “Email Changed” Scam

1. What is the Chase “Your Email Has Been Changed” phishing scam?

This is a fraudulent email scam sent to Chase Bank customers claiming their email address has been changed on their account. The email contains a link to a fake Chase website designed to steal login credentials and sensitive personal information. This allows criminals to take over real Chase accounts for fraud and identity theft.

2. How can I identify the Chase email scam?

Warning signs include a suspicious sender address, typos, threats to suspend your account, requests for sensitive information Chase would not seek by email, and an urgency to click links and provide data. Real Chase emails address you by name and would never include account changes by email.

3. What should I do if I receive the suspicious email?

Do not click any links or provide any information. Forward the email to phishing@chase.com and delete it. Call Chase to confirm your account is safe. Change your Chase password and enable two-factor authentication.

4. What if I clicked the link or entered information into the fake site?

Immediately call Chase fraud team at 1-888-624-4128. Report that you were scammed into providing account details or personal information. Update your Chase password and security questions using the real Chase website or mobile app. Place a fraud alert and monitor your credit reports closely for suspicious activity.

5. How can the scam website steal my Chase login credentials?

The fake website is designed to mimic the real Chase login page. If you enter your username and password, you are giving the scam operators direct access to take over your real account and commit financial fraud.

6. What other personal information did the fake site attempt to collect?

In addition to account login credentials, the scam site tries to trick you into providing Social Security number, account numbers, online banking passwords, security questions and answers, and other valuable details the criminals can use to steal identities.

7. What types of fraud and financial crimes might this scam enable?

Access to login credentials and sensitive personal information allows criminals to drain checking/savings accounts, open fraudulent credit cards and loans, steal identities, file fake tax returns, and commit other forms of financial fraud against victims.

8. How can I avoid falling for the Chase email scam?

Be wary of any emails claiming account changes or problems and never click embedded links. Log in directly through the Chase website or mobile app to view notifications. Enable two-factor authentication for an extra layer of security on your account.

9. How can I protect myself against phishing in general?

Always verify the sender address before opening emails. Check for typos, grammar issues, or urgent threats demanding immediate action. Never provide sensitive information via email. Use antivirus software and monitor accounts routinely for fraud.

10. What should I do if I was victimized by the Chase phishing scam?

Immediately contact Chase fraud team and report unauthorized account activity. Place fraud alert with credit bureaus, monitor credit reports, and file an FTC identity theft report. Update passwords and security questions for all sensitive accounts compromised by the scam site.

The Bottom Line

The Chase Bank “Your Email Has Been Changed Successfully” phishing scam is specifically designed to trick unsuspecting customers into revealing sensitive personal and financial information. By understanding common tactics used in the scam email content and fraudulent website, recipients can better detect the warning signs before falling victim. Anyone who does mistakenly enter information or click links should take swift action to report it and prevent identity theft or financial fraud. Remaining vigilant against phishing attempts, using strong security habits online, and monitoring accounts closely can help avoid major headache and losses from this scam.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Leave a Comment

Previous

Platotrade.com Crypto Scam Report: Our Investigation

Next

“Your Chase Banking Has Been Disabled” Email Scam Explained