How To Spot a Chase Phishing Email (5 Chase Email Scams)

How Do You Know If an Email From Chase Is Real?

Over the last few years, many Chase Bank customers have been targeted with phishing emails. Designed to look like legitimate messages from Chase Bank, these emails contain harmful links that could give scammers access to your Chase online banking account — if you’re not careful.

Unfortunately, it’s getting more difficult to identify a phishing email — and it’s costing Americans millions of dollars. 

According to the Federal Trade Commission (FTC) [*]:

Americans lost over $422 million to email scams in 2022 alone — with more than 150,000 reports of bank-related identity fraud specifically. 

If you’re a Chase customer, it’s important to understand what a fraudulent email looks like and know what to do if you unknowingly give hackers access to your account details.

{{show-toc}}

What Is a Chase Phishing Email?

Chase phishing emails are fraudulent messages sent by scammers posing as Chase Bank —seeking to obtain your personal details or financial information. 

Cybercriminals use phishing emails (as well as fake phone calls, social media messages, and SMS texts) to create a sense of urgency and stress. The email message often claims your bank account has been compromised or someone attempted a large ATM withdrawal or wire transfer from your account.  

The reason these schemes work is that scammers know you’re likely to act quickly if you think your bank account or savings are at risk. 

Here’s what can happen if you fall for a Chase Bank scam or click on a link in a phishing email:

• Hackers could gain access to your online bank account. Many phishing emails include links to fake websites that look identical to the legitimate “www.chase.com” login page. But if you enter your login credentials, they're immediately sent to the scammers.
• Your device could get infected with malware. Some phishing emails contain malicious attachments or links that, when clicked, download harmful software onto your device. This malware can steal personal information, spy on your online activities, and even lock you out of your own device.
• Scammers could trick you into sending them money. In some cases, phishing emails claim that there's an urgent payment you have to make or a pending transaction that requires your attention. If you fall for this tactic, you could unknowingly send the fraudster money — which can be almost impossible to get back.
• Your personal information could be used for identity theft. Phishing emails may request additional personal details such as Social Security numbers (SSNs), addresses, or birthdays. Providing this information can lead to identity theft, and open the door to further financial exploitation. 
• You may become a victim of other scams or targeted attacks. Engaging with phishing emails signifies to cybercriminals that you may be susceptible to other forms of deception. As a result, they might target you with additional scams in the future.

The bottom line: Scammers are almost always financially motivated — and sending phishing emails claiming to be from your bank are among the most common ways that scammers try to gain access to your funds. 

Example: A Chase Phishing Email That Almost Worked

Scammers are continuously sharpening their tools and crafting increasingly compelling phishing emails. But despite their best efforts, they usually leave behind clues that indicate you're dealing with a scam.

For example, here’s a Chase Bank phishing email that was sent to customers a few years ago:

At first glance, this email is somewhat convincing. It includes the proper Chase Bank logo, the “from” name is Chase Fraud Alert, and the message looks like it links to the official “Chase.com” website. 

But upon closer review, it becomes clear that this email is a fake. Here’s why:

• The sender has spoofed the email address “From” name. Anyone can change an email "From" name to look like it's coming from Chase (or any other individual or organization). However, if you click on the name to reveal the sender’s true details, the email isn't from the official “@chase.com” domain.
• The link takes you to a suspicious domain. If you hover over one or both of the links (don't click!), you’ll see that they don’t take you to the official Chase Bank website. This is a dead giveaway that the email is fake.
• There are no additional contact methods provided. The message contains no phone number, address, or other way to get in touch with the sender. Most legitimate banks always include this information in their official communications with customers.
• There's no personally identifiable information (PII). This email lacks any specific details that tie it to your personal account, such as your name or the last four digits of your credit or debit card number. If this were a real security email from Chase, it would likely include some information to indicate that the communication is specifically for you.
• The sender wants you to act quickly. The email prompts you to act immediately, creating a sense of urgency. This is a common tactic fraudsters use to encourage fast action without allowing you to think through the situation carefully.

The 5 Latest Chase Phishing Email Scams

While the warning signs of a phishing attempt may seem easy to spot, scammers are only getting better at tricking victims. Here are a few of the most common Chase phishing email scams to watch out for:

1. There’s been an unauthorized charge on your Chase card

In this scam, fraudsters send you an email about an unauthorized charge on your Chase credit card — with a request that you “confirm” the charge.

But if you respond in any way, you’ll either be taken to a fake website or receive a phone call from someone posing as a Chase Bank employee who will convince you to share information or transfer your funds to a so-called "secure" account via a payment app like Zelle.

What makes this scam so dangerous is that fraudsters can personalize it with stolen information, such as your name and the last few digits of your card number. But don’t be fooled by these details as they can be easily obtained on the Dark Web after a data breach.

What to do if you get this Chase phishing email: If you’re notified about a fraudulent transaction, log in to your Chase account directly via the website or mobile app to verify the information for yourself. Never log in to your bank account by clicking on a link in an email or text message.

💡 Related: 20 Phishing Email Examples (And How To Spot Them) →

2. Your online Chase account has been temporarily suspended

Scammers often send phishing emails that claim your bank account has been temporarily suspended and will remain so until you “verify” your account numbers, passwords, or other sensitive information — such as your Social Security number (SSN).

Again, if you click on the link, you’ll most likely be taken to a fake Chase online banking login page that steals your account information. 

Unfortunately, Chase Bank customers aren’t the only ones dealing with this scam. There is a similar Bank of America phishing email that’s going around, so be vigilant if you have accounts with either bank.

What to do if you get this Chase phishing email: Log in to your Chase account directly to see if your account has been suspended. If there’s no message indicating the suspension, you’re dealing with a phishing scam.

3. You need to update your personal or account information

Scammers often disguise phishing attempts in basic “update” emails. These messages claim that Chase needs updated information for your account before you can continue using it and request that you log in and update your account. 

But by entering your sensitive details on an attached PDF or fake website, you're handing your data directly to the scammers who have sent the message.

What to do if you get this Chase phishing email: If you get a suspicious email from Chase asking you to update your contact information, call the bank directly by using the number found on Chase’s official website in order to confirm its authenticity. If the email is legitimate, you’ll be able to update your information over the phone.

💡 Related: What Can Scammers Do With Your Name and Address? →

4. Fake Chase credit card account statements

This phishing attack lures you into thinking you've received an authentic statement from Chase Bank. The email may include an attachment that claims to be your latest statement or a link to log in to your account. 

But clicking on the link will take you to a fake login page on which you’ll be asked to enter your bank account information. 

Alternatively, the email may include an attachment (purported to be your account statement) that, when downloaded, infects your device with malicious software.

What to do if you get this Chase phishing email: Never click on links or open unfamiliar email attachments, especially if you think the message might be a spoof. Chase Bank only offers paperless statements when you log in to your account — you’ll never receive a statement via email. 

5. Your contact details were deleted from your Chase QuickPay settings

This scam makes you think someone has gotten into your Chase account and is deleting or changing your QuickPay information (like your email address or phone number). 

The message will urge you to click on a link to investigate the situation or confirm that you made the changes. However, this link leads to a fraudulent website on which your login credentials are collected by cybercriminals when you attempt to "fix" the issue.

What to do if you get this Chase phishing email: If you receive any concerning emails from Chase, call the bank directly to confirm if there’s a security issue with any of your accounts. If there’s not, forward the email to the bank’s fraud department so they can investigate.

💡 Related: How To Protect Your Bank Account From Identity Theft →

Did You Open or Click on a Link in a Phishing Email? Do This!

If you accidentally opened a phishing email or engaged with a Chase phishing scam in some way, don't panic. Here's what you should do next:

• Contact Chase immediately. Chase has a dedicated fraud department that can help you secure your account. Checking and savings customers can reach Chase’s fraud department  at 1 (800) 935-9935, and credit card customers can call 1 (800) 955-9060. You can also forward suspicious emails to phishing@chase.com.
• Change your passwords. Once you've reported the incident to Chase, change your password. Remember to use a unique password for each account to help keep your information secure.
• Monitor your accounts. Keep a close eye on your Chase accounts (and any other financial accounts) for unauthorized activity. Notify the bank immediately if you see any unfamiliar transactions.
• Scan for malware. Run a full scan on your computer or mobile phone using antivirus software. Phishing scams often contain malware that can infect your device.
• Update your device software. Make sure all of your device's software is up to date, including your antivirus and web browser. Updates often contain security patches that help protect your devices from cybersecurity threats.
• Check on your other accounts. If you use the same password for your bank that you use for other personal accounts, you should change all of your passwords. Hackers may try to access your other accounts by using the same credentials.
• Get a copy of your credit report. When you’re dealing with financial fraud, it’s always a good idea to request a copy of your credit report. Check for new accounts that you don’t recognize or any other information that’s unfamiliar.
• Consider signing up for identity theft protection with credit monitoring. Aura’s all-in-one solution monitors your most sensitive personal information (SSN, phone number, etc.) for fraud — as well as all of your financial accounts and credit reports.  If anything is detected, you’ll be notified in near real-time and given the support you need to shut down scammers. 

How To Protect Your Bank Account From Scammers

All banks — including JPMorgan Chase & Co. — are prime targets for scammers. And while your bank does a good job of protecting your account from hacking and fraud, it can’t stop attacks targeted directly at you. 

Chase phishing scams present big problems for customers, which can lead to serious consequences if you engage with scammers. However, there are many ways to protect yourself and your information online. Here are a few tips for keeping your online accounts safe:

• Regularly monitor your bank statements. The faster you catch the early warning signs of fraud, the better. Keep an eye out for fraudulent or suspicious transactions, or use a trusted credit monitoring service like Aura to keep watch for you.
• Only use official banking apps for transactions. Log in to your online bank account only by using the bank’s mobile app or official website. This ensures that you don’t end up on a fake website designed to steal your personal information. 
• Avoid banking on public Wi-Fi networks, and use a virtual private network (VPN). A reliable VPN adds an extra layer of security by encrypting your internet connection. This makes it much harder for hackers to intercept your online activity or personal information. 
• Use secure and unique passwords. A strong password can be the ultimate form of protection for your bank account. Make sure you’re not reusing passwords across accounts. Instead, create unique passwords for every account, and include upper and lower case letters, numbers, and symbols. Aura’s robust password manager can store and protect all of your passwords for you, so you don’t have to worry about remembering them.
• Enable two-factor authentication (2FA) on your accounts. This is an additional security measure that requires a secondary form of authentication (such as a special code sent to your phone) before you can access your account. Accounts with 2FA are much harder for hackers to access. 
• Never give out passwords, PINs, or one-time use codes. Your bank will not ask for this sensitive information. Anyone who wants your codes, PINS, or passwords is trying to scam you. 
• Don’t click on links in suspicious emails. Always hover over a link first to see where it’s taking you. If you do click on a link, make sure you’re on the right domain and that it’s a secure website. 
• Install trusted digital security software. Aura’s all-in-one solution includes powerful antivirus software, a military-grade VPN, secure password manager, and Safe Browsing tools to block fake websites. 
• Keep yourself informed about new phishing scams. Fraudsters are always finding new ways to target your bank account. If any message seems suspicious, do a Google search to see if it’s a new scam. 

While you can follow these steps to keep your bank accounts safe, there’s always the chance that a new scam will slip past your defenses. 

Aura’s all-in-one intelligent safety solution can do the work for you and keep you and your whole family safe.

With Aura, you get transaction and bank account monitoring, award-winning identity theft protection and credit monitoring, artificial intelligence (AI)-powered digital security tools, and $1 million in identity theft insurance coverage for every adult member on your Aura plan. 

Keep your bank accounts safe from scammers. Try Aura free for 14 days.