Physical Address
Lesya Kurbasa 7B
03194 Kyiv, Kyivska obl, Ukraine
How to Recognize Fake Chase Processing Transfer Emails
Fraudulent emails imitating messages from major banks pose a serious cybersecurity threat. One of the latest such campaigns is the “Chase – Transfer Is Processing And Will Be Deducted” phishing emails. In this guide, we’ll analyze in detail how to recognize this dangerous phishing scheme and what to do if you encounter it.
| Name | Chase – Transfer Is Processing And Will Be Deducted |
| Threat Type | Phishing, Scam, Social Engineering, Fraud |
| Fake Claim | $350.00 direct transfer is processing and will be deducted from the account on the next business day |
| Disguise | Chase Bank |
| Related Domains | boxauth[.]ru |
| Detection Names | alphaMountain.ai (Phishing), CyRadar (Malicious), Fortinet (Phishing), Webroot (Malicious) |
| Serving IP Address | 104.21.70.94 |
| Symptoms | Unauthorized online purchases, changed online account passwords, identity theft, illegal access of the computer |
| Distribution Methods | Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains |
| Damage | Loss of sensitive private information, monetary loss, identity theft |
What is the “Chase – Transfer Is Processing And Will Be Deducted” Phishing Email?
The “Chase – Transfer Is Processing And Will Be Deducted” phishing email is a spam message disguised as an official notification from Chase bank. These emails typically have the subject “You have a new secured message” and inform the recipient about a supposed transfer being processed that will be deducted from the account on the next business day.
The message states that the pending payment is 350 US dollars. It also notes that if the recipient does not recognize this activity, they can cancel it within the next 24 hours.
Text presented in the “Chase – Transfer Is Processing And Will Be Deducted” spam email letter:
Subject: You have a new secured message Monthly Service Fee | ATM fees View Online | Email Security Information Chase Logo Dear customer, Your direct demand transfer is processing and will be deducted from your account in the next business day. The following transaction will reflect on your transaction history once deducted. Payment details: Amount: $350.00 (USD) Memo: Cut off time: 12am of the next business day If this transfer wasn't requested by you tap on the link below to verify and stop this and any intermittent transfer scheduled before the next 24 hours. STOP AND VERIFY Warning: Ignoring or giving wrong details means you are not the rightful owner of this account and we are going to terminate the account if such activity is detected. Thank you for being a Chase Customer and we look forward to serve all your financial needs. Sincerely, Chase Online Service
It must be emphasized: all claims in this email are false, and it is in no way associated with the actual JPMorgan Chase Bank, N.A.
Source: Analysis of Chase phishing emails conducted by Trojan Killer researchers, 2025
How the Scam Works
When the recipient attempts to cancel the supposed transfer, they are lured to a phishing site. At the time of research, the promoted website was down. However, this could be fixed in potential future releases of the spam campaign (i.e., emails will redirect to a functional webpage).
Based on our experience, the promoted site was likely a fake Chase bank account sign-in page. Log-in credentials (or other data) entered into phishing websites are recorded and sent to scammers. Thus, trying to sign in through such a webpage can result in cyber criminals stealing the exposed account.
Hijacked finance-related accounts (e.g., online banking, money transferring, digital wallets, etc.) can be used to make fraudulent transactions or online purchases.
Victims of scam mail like “Chase – Transfer Is Processing And Will Be Deducted” can experience severe privacy issues and financial losses.
Examples of Common Phishing Campaigns
Chase bank impersonation phishing emails are part of a broader trend in cybercrime. Similar schemes include:
- “Wells Fargo – Account Suspended” – phishing emails notifying about supposedly suspended accounts
- “Chase – Refund Process” – emails with false refund messages
- “Notification Summary” – general notifications with minimal details designed to collect credentials
- “Two-Factor Authentication Activation” – emails urging to activate two-factor authentication through a phishing link
- “Bank Details” – messages about the need to update banking information
In addition to log-in credentials, these letters often target personally identifiable details and finance-related data. However, various scams are promoted through spam mail. It is also utilized in malware distribution (e.g., trojans, ransomware, cryptocurrency miners, etc.).
While the widely held belief that these emails are poorly written and riddled with mistakes is not untrue, it is not always the case. This mail can be competently put together and even believably disguised as messages from genuine entities (e.g., companies, service providers, organizations, institutions, authorities, etc.).
Source: Analysis of over 10,000 banking phishing emails, FBI Internet Crime Complaint Center, 2024
How to Spot a Phishing Email
While cyber criminals try to make their lure emails look trustworthy, here are some things that you should look for when trying to spot a phishing email:
- Check the sender’s (“from”) email address: Hover your mouse over the “from” address and check if it’s legitimate. For example, if you received an email from Microsoft, be sure to check if the email address is @microsoft.com and not something suspicious like @m1crosoft.com, @microsfot.com, @account-security-noreply.com, etc.
- Check for generic greetings: If the greeting in the email is “Dear user”, “Dear @youremail.com”, “Dear valued customer”, this should raise suspiciousness. Most commonly, companies call you by your name. Lack of this information could signal a phishing attempt.
- Check the links in the email: Hover your mouse over the link presented in the email, if the link that appears seems suspicious, don’t click it. For example, if you received an email from Microsoft and the link in the email shows that it will go to firebasestorage.googleapis.com/v0… you shouldn’t trust it. It’s best not to click any links in the emails but to visit the company website that sent you the email in the first place.
- Don’t blindly trust email attachments: Most commonly, legitimate companies will ask you to log in to their website and to view any documents there; if you received an email with an attachment, it’s a good idea to scan it with an antivirus application. Infected email attachments are a common attack vector used by cybercriminals.
To minimise the risk of opening phishing and malicious emails we recommend using Trojan Killer for Windows.
What to do if you fell for an email scam?
- If you clicked on a link in a phishing email and entered your password – be sure to change your password as soon as possible. Usually, cybercriminals collect stolen credentials and then sell them to other groups that use them for malicious purposes. If you change your password in a timely manner, there’s a chance that criminals won’t have enough time to do any damage.
- If you entered your credit card information – contact your bank as soon as possible and explain the situation. There’s a good chance that you will need to cancel your compromised credit card and get a new one.
- If you see any signs of identity theft – you should immediately contact the Federal Trade Commission. This institution will collect information about your situation and create a personal recovery plan.
- If you opened a malicious attachment – your computer is probably infected, you should scan it with a reputable antivirus application. For this purpose, we recommend using Trojan Killer for Windows.
- Help other Internet users – report phishing emails to Anti-Phishing Working Group, FBI’s Internet Crime Complaint Center, National Fraud Information Center and U.S. Department of Justice.
Connection to Other Cybersecurity Threats
Phishing schemes imitating bank notifications are often linked to other types of cyber threats. Attackers may use these emails to deliver more dangerous types of malware:
Connection to banking trojans: Opening attachments or clicking links from phishing emails can lead to infection with banking trojans such as TrickBot. Such trojans specialize in stealing banking credentials and can lead to direct financial losses.
Risk of data-stealing malware infection: Banking-themed emails often contain attachments disguised as financial documents. Opening such files can install information stealers similar to Emotet trojan, which steals not only banking data but also passwords from various services.
Ransomware as a consequence: In some cases, phishing campaigns serve as the first stage of complex attacks that may end with ransomware infection. For example, researchers have documented cases where initial banking-themed phishing eventually led to infection with ransomware such as LockBit 4.0.
Frequently Asked Questions
Why did I receive this email?
Emails are not personal, even if they include information relevant to the recipients. These messages are distributed in large-scale campaigns – therefore, thousands of users receive identical (or incredibly similar) emails.
I have provided my personal information when tricked by this spam email, what should I do?
If you have provided your log-in credentials – change the passwords of all potentially exposed accounts and inform their official support without delay. However, if you have disclosed information of a different personal nature (e.g., ID card details, passport photos/scans, credit card numbers, etc.) – immediately contact the appropriate authorities.
I have read a spam email but didn’t open the attachment, is my computer infected?
Merely reading an email does not pose an infection threat; systems are compromised when malicious attachments or links are opened/clicked.
I have downloaded and opened a file attached to a spam email, is my computer infected?
Whether the device was infected might depend on the opened file’s format. Once opened, executables cause infections almost without fail. However, some formats – like documents – may need additional interaction. Hence, malware download/installation is triggered after macro commands are enabled, embedded content is clicked, or other actions are performed.
Will Trojan Killer remove malware infections present in email attachments?
Trojan Killer is designed to scan systems and remove all kinds of threats. It can detect and eliminate most of the known malware infections. Keep in mind that sophisticated malicious software tends to hide deep within systems – therefore, running a full system scan is essential.
Conclusion
Phishing emails imitating Chase bank notifications pose a serious threat to users. They can lead to credential theft, financial losses, and even malware infection. Understanding the signs of fraudulent emails and practicing digital hygiene are crucial skills for protection in today’s digital environment.
Apply critical thinking when receiving any financial notification emails, especially those creating a sense of urgency or requiring immediate action. Remember that legitimate financial institutions never request confidential information via email and prefer that customers visit their official websites through secure channels.
