Chase Phishing Email Examples (2026)

Chase is the largest bank in the United States by assets and serves over 82 million consumer and small business customers. That massive customer base makes Chase one of the most impersonated financial brands in phishing campaigns – attackers know that a huge percentage of any target email list will include Chase customers. With the rise of digital banking, Zelle transfers, and mobile payments, scammers have more pretexts than ever for crafting convincing fake emails and texts. This article is part of our comprehensive Phishing & Social Engineering guide and walks through the specific phishing patterns targeting Chase customers in 2026.

Banking phishing is uniquely dangerous because the stakes are immediate and financial. Unlike a compromised streaming account, a compromised Chase account gives attackers access to your checking and savings balances, the ability to initiate wire transfers and Zelle payments, and sensitive personal information that can be used for identity theft.

Below are the five most common Chase phishing email formats currently in circulation, along with text message and phone-based variants and practical steps for protecting yourself.

Pattern 1: The Suspicious Activity Alert

This is the most prevalent Chase phishing email. It exploits the genuine fear that someone has accessed your bank account or made unauthorized transactions.

Typical subject lines:

• “Chase Alert: Suspicious Activity Detected on Your Account”
• “Unusual Transaction on Your Chase Account – Verify Now”
• “Security Alert: Unauthorized Sign-In Attempt on Your Chase Account”
• “Chase: We’ve Temporarily Restricted Your Account”

What it looks like: The email uses Chase’s blue and white branding, the Chase octagon logo, and a layout that closely mirrors genuine Chase security alerts. It states that unusual or suspicious activity has been detected and that your account has been temporarily restricted for your protection. A prominent button says “Verify Your Identity” or “Review Activity Now.” Some variants include a fabricated transaction – a large purchase at a retailer, an ATM withdrawal in a foreign city, or an online transfer – to increase alarm.

The tell: The sender address is not from @chase.com. Common fakes include alerts@chase-secure.com, security@jpmorgan-alerts.net, noreply@chase-verify.com, or support@chaseonline-alert.com. The “Verify” button leads to a fake login page designed to capture your Chase username, password, and often your Social Security number or PIN on subsequent screens.

The reality: Chase does send genuine fraud alerts via email, text, and push notification, but these alerts direct you to verify transactions through the Chase app or by calling the number on the back of your card. Genuine Chase fraud alerts never ask you to enter your password, SSN, or PIN through an email link. If you receive a suspicious activity alert, open the Chase app directly and check your account activity.

Pattern 2: The Account Locked Warning

This variant escalates the threat by claiming your entire account has been locked and will remain inaccessible – or be closed permanently – unless you act immediately.

Typical subject lines:

• “Your Chase Account Has Been Locked”
• “Action Required: Verify Your Identity to Restore Account Access”
• “Chase: Your Online Banking Access Has Been Suspended”
• “Account Closure Notice: Immediate Verification Required”

What it looks like: The email warns that your Chase online banking account has been locked due to a security concern, failed identity verification, or suspected fraud. It states that if you do not verify your identity within 24 or 48 hours, your account will be permanently closed or your funds will be frozen. A “Restore Access” or “Unlock Account” button drives the urgency.

The tell: Chase does not threaten to permanently close accounts or freeze funds via email with a 24-hour countdown. The urgency is entirely artificial – designed to make you click before thinking. The email requests information that Chase already has and would never ask you to resubmit through an email link, including your password, Social Security number, account number, or PIN.

The reality: If Chase genuinely needed to restrict your account, you would discover the restriction when you tried to log in through the Chase app or chase.com. Any required verification steps would be presented within the secure online banking portal after login, or Chase would contact you by phone using the number they have on file. If you are concerned, call Chase directly at the number on the back of your card (1-800-935-9935 for credit cards, 1-800-382-0024 for checking and savings).

Pattern 3: The Zelle Payment Confirmation

With Zelle integrated directly into the Chase mobile app and used by tens of millions of customers, fake Zelle notifications are increasingly common and effective.

Typical subject lines:

• “You Sent $750.00 via Zelle – Confirm or Cancel”
• “Zelle Alert: A Payment of $1,500.00 Is Pending”
• “Chase Zelle: Did You Authorize This Payment to [Name]?”
• “Zelle Transfer Alert: Confirm This Transaction”

What it looks like: The email mimics a Zelle payment notification, showing a transfer you supposedly initiated to an unfamiliar recipient. The amount is large enough to trigger alarm – typically $500 to $2,000. The email provides a “Cancel This Payment” or “Report Unauthorized Transfer” button, preying on the instinct to stop the money before it is gone.

The tell: If you did not initiate a Zelle payment, there is no payment to cancel. Clicking “Cancel” leads to a phishing page that captures your Chase online banking credentials. Some sophisticated versions also ask you to call a fake “fraud department” phone number, where a scammer walks you through a process that ultimately gives them access to your account or tricks you into completing a real Zelle transfer to them.

The reality: Zelle payments initiated through Chase are confirmed within the Chase app before the money moves. If an unauthorized payment were actually initiated, clicking a link in an email would not cancel it. Open the Chase app directly and check your recent activity. If you see an unauthorized transaction, contact Chase immediately through the app or by calling the number on the back of your card.

Pattern 4: The Credit Card Application Confirmation

This pattern creates alarm by telling you that a new credit card has been opened in your name, triggering the fear of identity theft.

Typical subject lines:

• “Congratulations! Your Chase Sapphire Preferred Card Has Been Approved”
• “Chase: Your New Credit Card Application Has Been Received”
• “Welcome to Your New Chase Freedom Unlimited Card”
• “Application Confirmation: Chase Sapphire Reserve”

What it looks like: The email congratulates you on being approved for a Chase credit card you did not apply for, or confirms receipt of a credit card application you did not submit. It includes details about the card, credit limit, and welcome bonus. The email provides a “If You Did Not Apply” or “Report Unauthorized Application” link.

The tell: The “Report Unauthorized Application” link leads to a phishing page that asks for personal information under the guise of investigating the fraudulent application – including your Social Security number, date of birth, and existing Chase account credentials. This is an identity theft double play: the attacker creates panic about potential identity theft, then uses that panic to steal the very information needed for actual identity theft.

The reality: If you are concerned that someone opened a credit card in your name, do not use the link in the email. Instead, check your credit reports at AnnualCreditReport.com, review your Chase accounts through the Chase app, and call Chase directly. You can also place a credit freeze with the three major credit bureaus (Equifax, Experian, TransUnion) to prevent new accounts from being opened in your name.

Pattern 5: The Wire Transfer Alert

This pattern targets Chase customers with checking accounts, exploiting the fear of a large unauthorized wire transfer that could drain their account.

Typical subject lines:

• “Wire Transfer Alert: $5,000.00 Initiated from Your Chase Account”
• “Chase: Confirm Your Outgoing Wire Transfer”
• “Urgent: International Wire Transfer Pending – $8,750.00”
• “Wire Transfer Notification: Action Required Within 2 Hours”

What it looks like: The email states that a wire transfer has been initiated from your Chase account, typically to an international recipient. The amount is large and alarming. The email includes a tight deadline – often 2 hours – and provides a “Cancel Transfer” or “Report Fraud” button. The combination of a large dollar amount and a short deadline creates maximum panic.

The tell: Wire transfers initiated through Chase require authentication within the Chase app or online banking portal. Chase does not send emails with “Cancel Transfer” links. The phishing page behind the link harvests your credentials, and some versions also install malware. If you are genuinely concerned about a wire transfer, call Chase immediately at the number on the back of your card.

The reality: Wire transfers require multiple levels of verification through Chase’s secure systems. An email alone cannot initiate a wire transfer, and an email link cannot cancel one. If a wire transfer were actually in progress, you would need to contact Chase directly to stop it. The email is designed to create enough panic that you click before thinking.

Smishing: Chase Text Message Scams

SMS phishing targeting Chase customers has surged in recent years. Text messages appear directly on your lock screen, are read almost immediately, and mobile browsers make it harder to inspect URLs.

Common Chase smishing messages:

• “Chase Fraud Alert: Did you attempt a $2,487.00 purchase? Reply YES or NO, or call 1-800-XXX-XXXX”
• “Chase: Your debit card has been temporarily locked. Verify at [link]”
• “Chase Alert: A Zelle payment of $900.00 was sent from your account. Not you? Visit [link]”
• “Chase: Unusual sign-in detected. Verify your identity at [link]”

Some Chase smishing messages mimic the real Chase fraud alert format, which asks you to reply YES or NO to confirm a transaction. The fake version includes a phone number that connects you to a scammer, or a link to a phishing site.

How to handle Chase smishing:

1. Do not tap any links in the text.
2. Do not call any phone number included in the text.
3. Open the Chase app directly and check your account.
4. If you are concerned, call Chase at the number on the back of your card.
5. Forward the suspicious text to 7726 (SPAM) to report it to your carrier.
6. Forward the text to phishing@chase.com.
7. Delete the message.

How to Verify a Chase Email Is Legitimate

Before acting on any communication that claims to be from Chase, run through this checklist:

1. Check the sender address: Legitimate Chase emails come from @chase.com. Click on the sender name to see the full email address, not just the display name.

2. Inspect links without clicking: Hover over any buttons or links (on desktop) or long-press them (on mobile) to see the actual URL. It should point to chase.com – not chase-secure.com, jpmorgan-alerts.net, or chase.com-verify.xyz.

3. Look for requests for sensitive information: Chase will never ask for your password, PIN, Social Security number, full account number, or one-time passcode via email, text, or phone call. Any message requesting this information is fraudulent.

4. Evaluate the urgency: Legitimate Chase communications do not threaten account closure within 24 hours or demand immediate action through an email link.

5. Check the Chase app: Open the Chase mobile app and check your account activity, messages, and alerts. Legitimate notifications appear within the app.

6. Call Chase directly: When in doubt, call the number on the back of your Chase debit or credit card. Do not use any phone number provided in a suspicious email or text.

For a broader framework that applies to all phishing attempts, see our guide on how to recognize phishing emails.

Why a Password Manager Is Your Strongest Defense

Technical defenses matter more than awareness alone. Even security-conscious people occasionally click links when they see “unauthorized wire transfer” and panic takes over. Modern AI-powered phishing generates banking emails with perfect grammar, accurate branding, and personalized details that are virtually impossible to distinguish from genuine Chase communications. A password manager provides an automated safety net that works even when your critical thinking is overridden by fear.

Domain Matching Stops Credential Theft

When you use a password manager’s autofill to log into Chase, the password manager checks the exact domain of the page you are on. If the domain is chase.com, autofill works normally. If the domain is anything else – chase-secure.com, jpmorgan-alerts.net, chaseonline-verify.com, chase.com-login.xyz – autofill stays silent. It does not matter how perfect the fake page looks. The domain check is automated and precise.

PanicVault performs this domain matching through Apple’s system-wide AutoFill on iPhone, iPad, and Mac. When you tap a login field on a site claiming to be Chase and PanicVault does not offer your credentials, that absence is your signal that the site is not genuine. Learn more about this mechanism in our article on how a password manager prevents phishing.

Unique Passwords Contain the Blast Radius

If you reuse your Chase password on other sites – or use the same password for Chase that you use for your email – a breach anywhere gives attackers a direct path into your banking. A password manager generates and stores a unique, random password for every account, ensuring that a compromise on one site cannot cascade to your Chase accounts.

Navigate From Your Vault, Not From Email Links

When you receive a notification about your Chase account, instead of clicking the link in the email, open PanicVault and tap your Chase entry. It will take you to the real chase.com and autofill your credentials. This simple habit eliminates the risk of landing on a phishing page entirely.

How to Report Chase Phishing

If you receive a phishing email or text pretending to be Chase, report it promptly:

1. Forward the email to phishing@chase.com. Do not click any links before forwarding.
2. Report through the Chase app: Log into the app and go to the secure message center to report suspicious communications.
3. Forward suspicious texts to 7726 (SPAM) to report to your carrier.
4. Report to the FTC at ReportFraud.ftc.gov.
5. Report to the Anti-Phishing Working Group at reportphishing@apwg.org.

For a complete guide on reporting phishing across all brands and platforms, see our article on how to report a phishing attempt.

What to Do If You Fell for a Chase Phishing Scam

If you entered your credentials on a phishing site or shared sensitive information with a scammer, act immediately:

1. Log into chase.com directly (type the URL or use your password manager) and change your online banking password.
2. Call Chase immediately at the number on the back of your card to report the incident. They can flag your account for monitoring and issue new card numbers if needed.
3. Enable two-factor authentication on your Chase account if it is not already active.
4. Review recent transactions for any unauthorized activity. Report fraudulent transactions immediately through the Chase app or by calling.
5. Check other accounts: If you use the same password elsewhere, change those passwords immediately.
6. Contact the credit bureaus: If you shared your Social Security number, place a credit freeze with Equifax, Experian, and TransUnion to prevent new accounts from being opened in your name.
7. Forward the phishing email to phishing@chase.com.
8. Report it to the FTC at ReportFraud.ftc.gov and to the Anti-Phishing Working Group at reportphishing@apwg.org. See our full guide on how to report a phishing attempt.

Staying Ahead of Chase Phishing in 2026

Chase phishing campaigns continue to evolve. AI-powered phishing tools generate emails with perfect grammar, personalized account details, and branding indistinguishable from genuine Chase communications. The old advice to “look for spelling errors” is obsolete.

What works is a layered defense:

• Use a password manager that checks domains automatically and refuses to autofill on fake sites.
• Enable two-factor authentication on your Chase account and every other financial account.
• Never click links in emails or texts claiming to be from Chase. Open the Chase app or navigate to chase.com directly.
• Verify independently by calling the number on the back of your card.
• Report every phishing attempt to phishing@chase.com to help protect others.

The attackers are counting on a moment of panic – the instant when you see “unauthorized wire transfer” and react without thinking. The best countermeasure is building habits that remove panic from the equation: let your password manager handle the domain verification, go directly to the source for every alert, and treat every unsolicited communication with healthy skepticism.

Related Articles

• Bank of America Phishing Email Examples
• Wells Fargo Phishing Email Examples
• How to Recognize a Phishing Email: 10 Red Flags
• How a Password Manager Protects From Phishing
• How to Report a Phishing Attempt