It’s called the largest bank hack ever. Over 80 million bank accounts were compromised through June and July of 2014 at JPMorgan Chase Bank. Click here to learn more about it.
Now, JPMorgan is bracing itself and its customers for what could be a devastating new aftershock. Because the hackers, who are believed to be operating from Russia or "former Soviet satellite states," have so much sensitive data, it's only a matter of time before spear phishing catches unsuspecting victims.
First, let me break down spear phishing for you. It's not a kind of deep-sea or diving sport. Spear phishing is a specialized kind of phishing scam or email that is specifically tailored to the victim.
Remember that phishing is the digital form of fraud, "the activity of defrauding an online account holder of financial information by posing as a legitimate company," and it's way less fun than traditional trout or bass fishing.
So, in the case of the over 76 million accounts and seven million small businesses at risk, you would be seeing emails in your inbox that are from the scammers trying to steal even more of your information.
There are a few things you need to look out for if you see an email from Chase in your inbox. You may see an official-looking email with the JPMorgan Chase logo, or receive a call from someone claiming to be an account executive with information in the email tailored to fit you.
Be suspicious of anything - or anyone - that is asking for personally identifiable information over the phone. That includes your Social Security number, passwords to to banking accounts, PINs for debit cards, and bank account numbers.
There could also be a link in the email to update account information or to go to the "official" JPMorgan Chase website. But this is most likely a way to send you to a phishing site that looks a lot like the real one where you will be asked to "verify" all the information listed above.
“We would never ask for that personal information on the phone or in emails, it’s information that verifies who you are,” says a bank insider. “The problem is, other banks often ask for this information on the phone or in emails, so customers could be fooled.”
And if trying to steal your information wasn't enough, links embedded in spear phishing emails can also download malware and other malicious programs to your computer. This could cause all kinds of horrible things to happen, from scanning all of your files and stealing information to hijacking your computer for a botnet attack on other companies.
So, what can you do?
When in doubt, hang up the phone and don't click on anything in the email. Call your bank, visit your bank in person, or go to the official website yourself if you need to update information. Absolutely do not give sensitive information away over the phone or through electronic communications.
You should also be monitoring your credit and debit cards for strange charges. A JPMorgan bank official warns, “The way the hackers do it is, they start with small charges on your Visa or MasterCard, $1, $10, $50, to see if their hack works, then they ramp it up and go bigger with a larger hit and run charge.”