Cyren detected a 300% increase in Chase Bank-related phishing URLs from mid-May to mid-August. This was unusual since it was a significant and sustained increase, not just a spike that lasted a few days.

Launching a phishing attack today has never been easier, with the proliferation of phishing kits for sale on the dark web and in underground channels on Telegram. As it becomes easier to host phishing sites with free website hosting and domain name registrars, anyone with little-to-no technical skills can learn to launch attacks by watching a simple video tutorial.

Cybercriminals are also putting more focus on mobile devices, using text messages, WhatsApp, and other messaging services to launch attacks. These are often difficult to detect since anti-phishing solutions on mobile devices are not as robust as those on business email servers and mailboxes. It’s also harder for victims to differentiate fraudulent websites from real ones, making it simple for hackers to steal valuable personal data. Once data is stolen, it is vulnerable and can be accessed by anyone on the internet who is searching for it. Online search engines can easily uncover exposed usernames, email addresses, passwords, credit card numbers, and social security numbers.

From the end of May until this report was published, the research team reported a 300% increase in Chase phishing URLs. The phishers collect banking and credit card information, social security numbers, home addresses, and other very sensitive information. Attackers use both emails and text messages to lure victims to their phishing sites, easily bypassing detection on mobile devices. A phishing server often stores the stolen data, which can be readily viewed by anyone on the internet.

This report contains a behind-the-scenes investigation of phishing campaigns targeting Chase Bank customers. Cyren threat researchers followed a trail that began with a simple summary dashboard and ended with some examples of the damage phishers inflict when they trick an unsuspecting user into divulging highly sensitive, nonpublic personal information.

Read the full report by Cyren.