Bogus Emails from Lenders
April 9, 2020
Dear Clients, Colleagues and Friends,
We have become aware of malicious emails being sent by scammers imitating Chase Bank, and possibly other lenders, related to Paycheck Protection Program Loans, and potentially other stimulus loans as well.
These emails look authentic and it is almost impossible to tell that they are
bogus. The links in these emails may even direct you to a lender’s legitimate website, leading you to enter your credentials to log in to your account. Under these circumstances, there may be a background process running that
steals your credentials and dual-factor token, which allows the scammer
to log into your account without dual-factor authorization.
Even though you may be expecting emails from your lender, do not be fooled. DO NOT OPEN THE EMAIL nor CLICK ON ANY LINK OR ATTACHMENT IN THE EMAIL without first speaking with a known person at the lender (don’t use the phone number in the email; call only a number that you know to be legitimate) to confirm that the email is authentic by verifying the exact sender and time stamp on the email.
Please see safe methods to verify legitimacy of emails and links below:
1) Look at the sender’s email address
2) Hover over links to see where you will be directed
3) Contact the sender to confirm legitimacy (NOT using contact info from the email in question)
If you are in doubt as to whether you fell victim to one of these emails,
we strongly recommend that you login to your lender’s website (i.e.
Chase.com) and change your username and password immediately, and consider notifying your
For additional updates and guidance regarding COVID-19, please visit the News section of our website at
Presti & Naegele