The JPMorgan customers are being targeted by the fraudsters in an email "phishing" campaign that is unusual as it attempts to collect credentials for that bank and also infect PCs with a virus that steals passwords from other institutions.

According to security researchers with corporate email provider Proofpoint, the campaign, dubbed "Smash and Grab," was launched with a widely distributed email that urged recipients to click to view a secure message from JPMorgan.

US-based JPMorgan has confirmed that spammers had launched a phishing campaign targeting its customers.

Bank’s spokeswoman Trish Wexler told Reuters, "It looks like they sent it out to lots of people in hopes that some of them might be JPMorgan Chase customers."

She said the bank believes most of the spam was stopped by filters at large internet providers, adding that the email looked realistic because the attackers apparently used a screen grab from an authentic email sent by the bank.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

According to Proofpoint, users who click on a malicious link are asked to enter credentials for accessing accounts with JPMorgan. Even if they did not comply, the site attempts to automatically install the Dyre banking Trojan on their PCs.

Email security firm Phishme stated that Dyre is a recently discovered piece of malware that seeks credentials from customers of Bank of America, Citigroup and the Royal Bank of Scotland Group.