Beware of "Capital Your Billing Information Change Notification" Phishing Scam

Comments: 1
Views: 73
Updated: September 18, 2017 2017-09-18T09:46:01 -
Date: September 18, 2017 2017-09-18T09:27:46

Capital One customers who have received email or SMS text messages like the one below, which claim their billing records have been updated and they are required to validate their accounts, or else their accounts will be terminated, should delete the messages. They should also not follow the instructions in the messages. This is because the messages are being sent by cyber criminals to frighten and trick potential victims into clicking on the links in them, which go to phishing websites that steal Capital One online account credentials.

The "Capital Your Billing Information Change Notification" Phishing Scam

From: Capital One

Sent: Saturday, September 16, 2017 7:35 PM

To: Recipients

Subject: Your Billing Information Change Notification

Dear Customer,

It has come to our attention that your Billing Information records are recently changed. That requires you to verify your Billing Information. Failure to validate your billing information may result to account termination.

To verify your billing information, Please Download Attachment and open in a browser to Continue. We value your privacy and your preferences...

Failure to abide by these instructions may subject you to Capital One account restrictions or inactivity.

Thanks,

Capital One Customer Support

Capital One customers who have received messages claiming that they need to do some activity on their accounts, such always go directly to https://www.capitalone.com/ and sign into their accounts. Once they have signed in, they will be notified of security updates, notifications and other important notifications. So, there is no need to click on a link in an email message, which may go to phishing or malicious website.

Also, Capital One customers who have already been tricked by the phishing messages, are asked to change their passwords and contact Capital One immediately, before their accounts are hijacked and used fraudulently by cyber criminals.

Note: Some of the names, addresses, email addresses, telephone numbers or other information in samples on this website may have been impersonated or spoofed.

Please share what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Also, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent.

If you want to quickly find answers to your questions, use our search engine.

You can help maintain Online Threat Alerts by paying a service fee. Click here to make payment.

Comments, Questions, Answers, or Reviews

(Total: 1)

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews.

The comments or reviews below do not necessarily reflect the views of Online Threat Alerts.

October 10, 2017 at 3:36 PM by an anonymous user from White Marsh, Maryland, United States
Got this email today(10-10-2017):
Luckily, I know HTML code and opened the attachment in a text editor to view the source code.
Hovering over what appears to be the sender will return a valid Capital One domain and email.
VERY convincing as the webpage attachment loads images to Capital One and even has links to valid Capital One webpages.
It does have a nasty javascript and the page will ask you to enter information that the person that will receive what you enter, to have access to your account.
All the questions asked have very simple responses that you almost can't get wrong.
It asks your mother's maiden name and any answer over 3 characters will result in you not being told you're wrong.
Eventually, you have the feeling you are on a legit page for Capital One and then you have to enter information you would NEVER give out freely.
It's a confidence game, and you feel like it is Capital One asking the questions, but it's not.
Delete the email or as Captial One suggests, forward the email to:
abuse@capitalone.com
remove

Show More Comments (1)

Show all Comments

Write Your Comment, Question, Answer, or Review

Write your comment, question, answer, or review in the box below to share what you know or to get answers. NB: We will use your IP address to display your approximate location to other users.

Your comment, question, answer, or review will be posted as an anonymous user because you are not signed in. Anonymous posts cannot be edited or deleted. Sign-in.