(Adds that FBI and FTC did not comment on attacks)
By Jim Finkle and Nadia Damouni
BOSTON/NEW YORK, Aug 21 - Fraudsters are targeting
JPMorgan Chase & Co customers in an email "phishing"
campaign that is unusual because it attempts to collect
credentials for that bank and also infect PCs with a virus that
steals passwords from other institutions.
The campaign, dubbed "Smash and Grab," was launched on
Tuesday with a widely distributed email that urged recipients to
click to view a secure message from JPMorgan, according to
security researchers with corporate email provider Proofpoint.
JPMorgan, the No. 1 U.S. bank by assets, confirmed that
spammers had launched a phishing campaign targeting its
"It looks like they sent it out to lots of people in hopes
that some of them might be JPMorgan Chase customers," said bank
spokeswoman Trish Wexler.
She said the bank believes most of the spam was stopped by
filters at large Internet providers, adding that the email
looked realistic because the attackers apparently used a screen
grab from an authentic email sent by the bank.
Users who click on a malicious link are asked to enter
credentials for accessing accounts with JPMorgan. Even if they
do not comply, the site attempts to automatically install the
Dyre banking Trojan on their PCs, according to Proofpoint.
Dyre is a recently discovered piece of malware that seeks
credentials from customers of Bank of America Corp,
Citigroup Inc and the Royal Bank of Scotland Group Plc,
according to email security firm Phishme.
Proofpoint Vice President of Threat Research Mike Horn said
it is unusual for spammers to infect PCs with malware while
trying to persuade users to provide banking credentials because
that increases the odds of detection.
"Usually when they do credential phishing, that is all they
do. In this case, they are throwing in the kitchen sink," Horn
Proofpoint saw about 150,000 emails from the group on
Tuesday, the first day it noticed the campaign among its
customers in the Fortune 500 and higher education.
That makes it a moderately large campaign, but the largest
attempts involve sending more than 1 million pieces of spam over
a few days to Proofpoint clients, he said. The firm manages over
100 million email accounts.
Horn said that Proofpoint quickly identified the spam and
was able to stop it from infecting its customers, but was not
sure how effective it was at infecting others.
Horn said his firm was unsure who was behind the emails,
although much of the campaign's infrastructure was in Russia and
Ukraine, and the group's tactics were consistent with those of
Eastern European cybercrime gangs.
An FBI spokesman said he had no immediate comment.
A spokesman for the U.S. Federal Trade Commission, the key
federal agency charged with fighting spam, declined comment.
"Since FTC investigations are non public, I can't confirm or
deny whether we are looking into this issue," said agency
spokesman Jay Mayfield.
(Additional reporting by David Henry in New York; Editing by
Lisa Shumaker and Andre Grenon)