This is worth posting. See http://www.millersmiles.co.uk/report/1455 for info on Chase bank account phishing expedition which I just thwarted in my case by changing info at my Bank One site that I had put on their phony site. Read all about it, and BE CAREFUL, noting especially this:
Chase Bank never send their users emails requesting personal details in this way.
It was the phony site’s request for my SS# that set bells ringing. At least I didn’t give that.