"Capital Your Billing Information Change Notification" Phishing Scam

Comments: 1
Views: 84
Save
Updated: Sep. 18, 2017 2017-09-18T09:46:01
Posted: Sep. 18, 2017 2017-09-18T09:27:46
Online Threat Alerts (OTA)

Capital One customers who have received email or SMS text messages like the one below, which claim their billing records have been updated and they are required to validate their accounts, or else their accounts will be terminated, should delete the messages. They should also not follow the instructions in the messages. This is because the messages are being sent by cyber criminals to frighten and trick potential victims into clicking on the links in them, which go to phishing websites that steal Capital One online account credentials.

The "Capital Your Billing Information Change Notification" Phishing Scam

From: Capital One

Sent: Saturday, September 16, 2017 7:35 PM

To: Recipients

Subject: Your Billing Information Change Notification

Dear Customer,

It has come to our attention that your Billing Information records are recently changed. That requires you to verify your Billing Information. Failure to validate your billing information may result to account termination.

To verify your billing information, Please Download Attachment and open in a browser to Continue. We value your privacy and your preferences...

Failure to abide by these instructions may subject you to Capital One account restrictions or inactivity.

Thanks,

Capital One Customer Support

Capital One customers who have received messages claiming that they need to do some activity on their accounts, such always go directly to https://www.capitalone.com/ and sign into their accounts. Once they have signed in, they will be notified of security updates, notifications and other important notifications. So, there is no need to click on a link in an email message, which may go to phishing or malicious website.

Also, Capital One customers who have already been tricked by the phishing messages, are asked to change their passwords and contact Capital One immediately, before their accounts are hijacked and used fraudulently by cyber criminals.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search

engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.

Was this article helpful? +

Yes (0)
No (0)

Share this with others:

Donate Help maintain Online Threat Alerts (OTA) by clicking here.

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

October 10, 2017 at 3:36 PM by an anonymous user from: Seaford, Delaware, United States
Got this email today(10-10-2017):
Luckily, I know HTML code and opened the attachment in a text editor to view the source code.
Hovering over what appears to be the sender will return a valid Capital One domain and email.
VERY convincing as the webpage attachment loads images to Capital One and even has links to valid Capital One webpages.
It does have a nasty javascript and the page will ask you to enter information that the person that will receive what you enter, to have access to your account.
All the questions asked have very simple responses that you almost can't get wrong.
It asks your mother's maiden name and any answer over 3 characters will result in you not being told you're wrong.
Eventually, you have the feeling you are on a legit page for Capital One and then you have to enter information you would NEVER give out freely.
It's a confidence game, and you feel like it is Capital One asking the questions, but it's not.
Delete the email or as Captial One suggests, forward the email to:
abuse@capitalone.com
remove