Phishing emails can be convincing if you don’t know what to look for. Scammers send out massive numbers of phishing attempts, hoping that they can fool us into giving away our personal information and our money.
It seems like we are in a never-ending battle against these types of attacks. Remember, it only takes one successful phishing attempt and your entire identity may be stolen forever! This is why it’s extremely important not to let your guard down.
We recently told you about this massive Netflix phishing scam that’s currently making the rounds. But now, customers of a major credit card company need to be extra careful of this new phishing campaign.
New AmEx phishing scam
A new email phishing campaign was spotted by myonlinesecurity.co.uk and it is targeting American Express customers by claiming that there is a security error on your account.
The tricky part is that this scam was designed to elude anti-phishing tools and security software so you have to keep your guard up to avoid getting duped.
Here’s what to watch out for. BleepingComputer stated that this current campaign uses email subject lines like:
- “Notice Concerning your CardMember Account”
- “Reminder – We’ve issued a security concern (Action Required)”
- “REMINDER: A concern that requires your action”
Another reason these types of fake emails are hard to spot is that mobile email clients display only the sender’s name in the “From:” field, not the entire email address.
As such, the phishing emails appear to be coming from mail domains that spoof or mimic legitimate American Express accounts.
From: addresses to watch out for include AmExpress@amnex.com, AmericanExpress@ampress.com and AmericanExpress@aemail.com. Notice that all of these look similar to the official American Express and Amnex.com domains.
Here’s what the phishing emails look like
[Image: example of the current American Express phishing email, courtesy of myonlinesecurity.co.uk]
Similar to other phishing scams, this fake American Express email has a malicious HTML attachment that runs a script from a remote website.
The script then proceeds to display an online validation form that will ask for your sensitive information including your American Express account credentials, credit card number, security code, expiration date and even your mother’s maiden name, date and place of birth and your first elementary school.
Yep, it’s everything an identity thief will ever need to take over your identity.
Once submitted, the data is sent to the scammer’s remote host but you are redirected to a legitimate americanexpress.com page that displays “Thank you for your feedback.” Note: Dumping a victim to the real website of the spoofed company after their information is compromised is a very common phishing tactic these days.
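The two tells described above (a sender name that claims the brand while the address sits on another domain, and an HTML file sent as an attachment) can be checked mechanically on a mail gateway or in a reported-mail triage script. The sketch below is an added example, not code from the original article or from American Express; the trusted-domain list, brand tokens and function names are assumptions, and the sample message is constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains you accept as genuine senders for the brand.
TRUSTED_DOMAINS = {"americanexpress.com"}
# Brand strings as they look once lowercased and stripped of spaces/punctuation.
BRAND_TOKENS = ("americanexpress", "amexpress", "amex")

def _letters(text):
    return "".join(ch for ch in text.lower() if ch.isalnum())

def sender_findings(from_header):
    """Flag a From: whose name claims the brand while its domain is not trusted."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    claims = any(t in _letters(display) or t in _letters(local) for t in BRAND_TOKENS)
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    return ["brand-name-on-untrusted-domain:" + domain] if claims and not trusted else []

def attachment_findings(msg):
    """Flag HTML files delivered as attachments (the lure format described above)."""
    found = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        is_html = part.get_content_type() == "text/html" or name.endswith((".htm", ".html"))
        if part.get_content_disposition() == "attachment" and is_html:
            found.append("html-attachment:" + (name or "unnamed"))
    return found

def triage(raw_message):
    msg = message_from_string(raw_message)
    return sender_findings(msg.get("From", "")) + attachment_findings(msg)

# Constructed sample: address and subject come from the article, the rest is made up.
SAMPLE = """\
From: "American Express" <AmericanExpress@aemail.com>
Subject: REMINDER: A concern that requires your action
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="form.html"

<html><body>constructed placeholder</body></html>
--b1--
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty result from the sender check is not proof of authenticity, because a From: address on a trusted domain can itself be forged; keep the SPF, DKIM and DMARC results in the decision.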
How to protect yourself from these fake emails
In case you haven’t noticed, all these sophisticated phishing attacks rely on social engineering tricks to scare you into clicking an attachment or a link.
Remember, financial companies will never request your sensitive information via an attached form. If you receive any type of “security alert” or “account verification” email that appears to be coming from your bank that includes an attachment, don’t fall for it! Never open the attachment or link!
If you’re concerned, contact your bank via its customer service phone number (typically located on the back of your banking card) and ask them directly.
Additionally, report phishing attempts by contacting the FTC. Send an email to email@example.com or visit ftc.gov/complaint. You can also email firstname.lastname@example.org, used by the Anti-Phishing Working Group. Visit American Express’s security center for more information.