Chase Bank spoof email URLs and DNS

delhard (n00b; joined Aug 7, 2016; 1 message)
I'd just signed up for a card on Chase then received a spoof that looked like Chase Bank's "verification needed" emails, unwittingly submitted my username and password (yes, I changed them), then started typing some other personal details before realizing something wasn't right and blanked them out. I looked at the URL and it was for some shop in Poland (I did DNS and WHOIS etc lookup), though under a certain user folder (seemingly) that the website owner may or may not have been aware of.

The registration info here says I can't post links for a while, but I'm trying to figure out what other info I can get. The email was actually an image with a link that went to a different link than was in the image (of course). The link went to someplace in Indonesia, the submit-redirect link went to the Poland shop with the /username folder.

Is anyone aware of this already, or how I can better track this down? I already reported it to Chase, and the Polish shop owner (through their customer support) but then noticed the spoof links were 404 or blank. I half expect a Chase employee is in on it considering I applied with a different email attached to the account.

Tech note: I've been digging through the HTML source code (still open in Firefox) to try to see what the onkeyup attribute JavaScript function for the SSN field is going to do (maybe send it to their server), but I'm not sure how to get Firefox to show the function definition (debugger and network says 404). Any advice there either? Example: onkeyup="HandleKeyPress('rdoPersonalAccts','txtPerSSN1')"
 
I half expect a Chase employee is in on it considering I applied with a different email attached to the account.

lolwut
They would seemingly guess your other email address that wasn't provided?

No... coincidence is all.
Not much else to do other than report it to Chase and website owner.
You could also find the actual webhost, as they usually have an abuse email address.
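
Added example, not part of the original thread: a static pass over a saved copy of the page source that lists where its forms and links point, which inline event handlers exist, and which handler functions are not defined in the page itself and so must come from an external script. Nothing from the page is executed. The sample HTML, the hosts shop.example.pl, the paths post.php and js/validate.js, and the helper names are constructed for illustration; only the onkeyup attribute is taken from the post above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample standing in for the saved page source; hosts are placeholders.
SAMPLE = """<html><head><script src="js/validate.js"></script>
<script>function Other(){ return 1; }</script></head><body>
<form action="http://shop.example.pl/username/post.php" method="post">
<input name="txtPerSSN1" onkeyup="HandleKeyPress('rdoPersonalAccts','txtPerSSN1')">
</form></body></html>"""

class PageAudit(HTMLParser):
    """Collect where a saved page sends data, without running its script."""
    def __init__(self):
        super().__init__()
        self.targets, self.handlers, self.inline_js = [], [], []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self._in_script = tag == "script" and not a.get("src")
        for t, attr in (("a", "href"), ("form", "action"), ("script", "src")):
            if tag == t and a.get(attr):
                self.targets.append((f"{t}.{attr}", a[attr]))
        for name, value in attrs:  # inline event handlers: onkeyup, onclick, ...
            if name.startswith("on") and value:
                self.handlers.append((a.get("name") or a.get("id"), name, value))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline_js.append(data)

def audit(html, expected_domain):
    p = PageAudit()
    p.feed(html)
    js = "\n".join(p.inline_js)
    # Absolute URLs whose host is neither the expected domain nor a subdomain of it.
    off = [(k, u) for k, u in p.targets
           if (h := urlparse(u).hostname) and h != expected_domain
           and not h.endswith("." + expected_domain)]
    called = {m for _, _, code in p.handlers
              for m in re.findall(r"([A-Za-z_$][\w$]*)\s*\(", code)}
    missing = sorted(f for f in called if not re.search(rf"function\s+{re.escape(f)}\b", js))
    scripts = [u for k, u in p.targets if k == "script.src"]
    return {"off_domain": off, "handlers": p.handlers,
            "defined_elsewhere": missing, "external_scripts": scripts}

if __name__ == "__main__":
    print(audit(SAMPLE, "chase.com"))
```

A function listed under defined_elsewhere lives in one of the external_scripts; if that file now returns 404, the definition can only be recovered from a copy cached or saved while the page was still up.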
 