Date: September 8th 2009
My SSN and other sensitive information are compromised over internet. This problem happened when I tried to access chase.com website to pay my credit card bill. Following is step-by-step sequence of events:
1. I typed in chase.com on my laptop/MS internet explorer.
2. Entered login id and password for my account on chase.com website
3. Next page gave a form to fill up that read "To continue, please enter the information below to help us verify your identity." The webpage asked me to enter following information:
a) First name
b) Last name
c) Date of birth
e) Mother's maiden name
f) Card number
g) Card expiration date
h) Card CVV2
i) ATM Pin URL: https://mfasa.chase.com/auth/fcc/login Screen Shot:
5) On the new window I repeated step 2 and 3 and got the same web page. So I believed on the website and ENETERED ALL THE INFORMATION ASKED ABOVE
Next I contacted chase over the phone and they confirmed that the information asked on the webpage is never asked by the bank. I provided screen print and URL to them on firstname.lastname@example.org .
Bank's stand is that their website is safe and not hacked. They claim my computer may have virus for this phishing. However I have antivirus running all the time and my internet connection is secure.
I can now go to chase.com and pay my bills etc on the same computer and it does not give the same phishing web page.
I am concerned that my identity is compromised and if chase.com is hacked then millions of others are also at risk.