I recently got a notice for a bank I deal with the they wanted to verify a charge I did, to protect my identify. But this is where it get stupid.
They send me a e-mail
If you look at the link
Transaction Authorized - it links to https:// activityconfirmation.chase.com/p/Chase_Fraud_RTM/ProdResponseHash?seq=&resp=Y
Note: Real sequence number has been changed to protect data
Upon clicking the link, the next site I see
activityconfirmation.chase.com and then get redirected to
Note:Real sequence number has been changed to protect data
Who Is profile.na.epidm.net ??? and the web site has broken links on it !
So I call Chase and they do not know who epidm.net is but they say contact Abuse @ Chase.com so i do
and this is the best part
the reply is
Thank you for forwarding your recent e-mail to our Abuse mailbox. We have reviewed the message and it is a valid notification from us regarding Urgent Chase Confirmation ?
Recent transaction for account ending in xxxx. If you have any questions or concerns about this e-mail, please contact us at 1-877-CHASEPC. Thanks for choosing Chase.
Email Customer Service Representative
email address firstname.lastname@example.org
So not I get reply from not Chase but another company and they do not understand why I think their security stinks.
I then call Chase and after speaking to 20 people i get—you guessed, it no it not a issue.
Why the Chase Bank does not understand is it not good to deal with a bank you redirects you to 3 different domains and they think that fine.
My warning is to deal with banks who understand security and practice it. Do not use a bank if they do not understand on-line security. Sorry Chase you lost me as a customer.