A new phishing scam targeting American Express credit card holders was reported by Hoax Slayer this week. The emails purport to be from American Express and feature standard American Express branding, including logos and footers. They have the subject line “Unusual activity in your American Express” and warn the recipient that “Our records indicate that you recently used your American Express card on…” with a random date inserted into the field.
Subsequently, the email requests that “To safeguard your account, please access your account here.” The link takes the user to a fake American Express account login page. Once the user logs in to the website, their login credentials are sent to the perpetrators of the scam. After they login to the fake American Express page, they are taken to a subsequent form which asks for credit card details as well as personal and financial information. This information could later be used to facilitate credit and identity fraud or sold to others for the same purpose. Phishing emails often change their messaging and subject lines but the purpose is always the same.
Such phishing scams utilize scare tactics, such as alleged credit card fraud, to manipulate users into fulfilling their request. Unlike the majority of phishing scams which use poorly written emails and bad approximations of branding, this American Express phishing scam does a good job of looking like a real email from American Express. Combined with the aforementioned scare tactics, it has the potential to convince unsuspecting users into providing their personal and financial details to cybercriminals.
American Express advises its users to maintain their safety and security by monitoring their account activity, reviewing their credit report regularly, and creating unique passwords and personal identification numbers. A credit card company would never send you generic emails claiming that fraud has been committed on your account. If you’ve received phishing emails purporting to be from American Express, you can report them to the company by emailing firstname.lastname@example.org.
Powered by WPeMatico