Security experts have identified a new phishing scam that uses a toll-free telephone number rather than a bogus website to gather online banking passwords from unwary victims.

Whereas phishers typically attempt to redirect recipients of malicious emails to fraudulent websites which harvest passwords and account information, a new scam targeting Chase Bank customers uses only a telephone number as a method of contact.

The scam uses a toll-free number which has probably been registered using fake names or contact information.

The use of a toll-free number is typical, as such phone numbers are used by the legitimate Chase.

When users dial the number, they are greeted by a recorded message apparently from Chase asking for credit card and personal information.

Security firm SurfControl discovered this scam in Australia, but newly identified examples are being analysed and added to the SurfControl Email Filter databases around the clock.

SurfControl is warning customers that this new attack could open the door to employees providing credit card and other personal data to the scammers.