Too Long; Didn't Read
An email message was sent to a Gmail address I had not used with Chase online banking since 2014 or so. The email message instructs an unsuspecting user to "download the attached form" which is a plain HTML file mimicking real world Chase banking website. It then follows with additional prompts under the pretence of "identity verification" to procure additional information from the user, such as debit card number, address, social security number, drivers license number, PINs, and other vital pieces of information. This is likely one of the sources where attackers obtained email addresses of Chase customers from.