"Capital Your Billing Information Change Notification" Phishing Scam

Sep 18, 2017 2017-09-18T09:27:46-05:00
Sep 18, 2017 2017-09-18T09:46:01-05:00

Online Threat Alerts (OTA)

Capital Your Billing Information Change Notification Phishing Scam

Capital One customers who have received email or SMS text messages like the one below, which claim their billing records have been updated and they are required to validate their accounts, or else their accounts will be terminated, should delete the messages. They should also not follow the instructions in the messages. This is because the messages are being sent by cyber criminals to frighten and trick potential victims into clicking on the links in them, which go to phishing websites that steal Capital One online account credentials.

Advertisements - Continue reading below

The "Capital Your Billing Information Change Notification" Phishing Scam

From: Capital One

Sent: Saturday, September 16, 2017 7:35 PM

To: Recipients

Subject: Your Billing Information Change Notification

Dear Customer,

It has come to our attention that your Billing Information records are recently changed. That requires you to verify your Billing Information. Failure to validate your billing information may result to account termination.

To verify your billing information, Please Download Attachment and open in a browser to Continue. We value your privacy and your preferences...

Failure to abide by these instructions may subject you to Capital One account restrictions or inactivity.

Thanks,

Capital One Customer Support

Capital One customers who have received messages claiming that they need to do some activity on their accounts, such always go directly to https://www.capitalone.com/ and sign into their accounts. Once they have signed in, they will be notified of security updates, notifications and other important notifications. So, there is no need to click on a link in an email message, which may go to phishing or malicious website.

Also, Capital One customers who have already been tricked by the phishing messages, are asked to change their passwords and contact Capital One immediately, before their accounts are hijacked and used fraudulently by cyber criminals.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search engine. Search

Write your comment or view the ones below. +

Save

Was this article helpful?

Advertisements - Continue reading below

Comments, Answers, Reviews or Questions

To protect your privacy, please remove sensitive or identifiable information from your comments, questions, or reviews. Please keep conversations courteous and on-topic.

Comments 1

Oct 10, 2017 at 3:36 PM by an anonymous user from: Seaford, Delaware, United States

Got this email today(10-10-2017):
Luckily, I know HTML code and opened the attachment in a text editor to view the source code.
Hovering over what appears to be the sender will return a valid Capital One domain and email.
VERY convincing as the webpage attachment loads images to Capital One and even has links to valid Capital One webpages.
It does have a nasty javascript and the page will ask you to enter information that the person that will receive what you enter, to have access to your account.
All the questions asked have very simple responses that you almost can't get wrong.
It asks your mother's maiden name and any answer over 3 characters will result in you not being told you're wrong.
Eventually, you have the feeling you are on a legit page for Capital One and then you have to enter information you would NEVER give out freely.
It's a confidence game, and you feel like it is Capital One asking the questions, but it's not.
Delete the email or as Captial One suggests, forward the email to:
abuse@capitalone.com

Advertisements - Continue reading below

Write Your Comment, Answer, Review or Question

Enter comment, answer, review or question.