Opinion: Always double-check before logging into your online banking


An email with a blue button to "review the activity" led to a Chase bank login page, making every bell in Jim Rossman's head go off at once. — Jim Rossman/TNS

I was talking on the phone with my mom last night when she told me about an email she received from her bank (Chase), warning of “some information on the dark web that may belong to her,” and to “sign in to get a closer look at the info we found.”

She said the email had a blue button to “review the activity,” and when she clicked it, there was a Chase bank login page.

As a tech journalist, these words made every bell in my head go off all at once.

SCAM.

I had not seen the email, but I told her it could very well be a phishing email designed to get her to enter the username and password to her online banking accounts.

I told her to forward the message to me and she did.

Turns out the message was legitimate. It was from a Chase monitoring program called Credit Journey, which includes setting up alerts for activity detected on the web.

Once I saw the email, several things I examined were clues to its authenticity.

If you’re on a computer, hovering the mouse pointer over the button revealed the underlying address, which was "https://www.chase.com/creditjourneyalerts."

It is very easy to create a fake webpage that looks exactly like the Chase sign-in page, but the underlying URL is usually a dead giveaway. In this case, "https" means the website is secure, and the Chase.com domain was real. Always check the address at the top of your browser page before logging in. Make sure it doesn’t look strange.

There was also fine print at the bottom of the email that stated, “If you have concerns about the authenticity of this message, please visit chase.com/CustomerService for options on how to contact us.”

I wasn’t thrilled to see a button in the email to log in, even if it was real.

I tell people to never click on a link in an email to access one of their important internet accounts. If you receive a warning of suspicious activity, leave the email and go to your usual bookmark for your account. Log in the way you usually would and see if there are any alerts there.

Contacting the bank’s customer service is always a good idea to verify the authenticity of any message.

In this age of being able to do anything online – especially with your money – please be extra careful. I’m glad Mom asked me about the message, and I’m happy it turned out to be a useful warning that a password she’d used in the past was found in a leak on the dark web.

Mom has since changed that password and even removed a few accounts online she no longer used. – Tribune News Service

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Exclusive-Microsoft works to add non-OpenAI models into 365 Copilot products, sources say
Google's proposed search result changes get thumbs up from EU airlines
Polish e-commerce Allegro's unit sues Alphabet for $568 million
Elon Musk's X lifts price for premium-plus tier to pay creators
US crypto industry eyes possible day-one Trump executive orders
Britannica didn’t just survive. It’s an AI company now
'Who's next?': Misinformation and online threats after US CEO slaying
What is (or was) 'perks culture’?
South Korean team develops ‘Iron Man’ robot that helps paraplegics walk
TikTok's rise from fun app to US security concern

Others Also Read