One of those phishing emails made it through the Gmail filters. Hovering over the link they tell you to click clearly shows it's not the real Chase bank's site.
As a rule, you could test the validity of a site like this by making the first step in your authentication procedure entering an incorrect username and password. It's unlikely you'll randomly guess someone else's actual credentials. Either way, the phisher's site will fail wildy here as they can't actually verify your information; that's what they're after. They'll let you log in with any credentials (if they're "advanced" they'll follow the password length and content rules, which are public).
I decided to give the phishers my info, which consisted of expletives and random numbers.
I like to think of someone scanning their rolls eagerly and seeing that.