This week’s Threat Thursday is from AppRiver and focuses on a newly spotted social engineering campaign targeting American Express customers. The email blast seeks to trick users into providing highly sensitive information such as their social security number, credit card information and other personal identifiers. The email informs the recipient that a phone call requesting a one-time password was made to them in regard to a recent transaction. Those who did not receive a phone call are instructed to click on the link provided in the message, which directs to a compromised website.
The exploited site is an accurate recreation of American Express’ website. The throw-away domain for this campaign was created one week ago. This of course is a huge red flag. In the screenshots below, the cyber criminals seek to obtain various personal information from American Express customers. It’s highly unusual for a financial institution to ask for this amount of information for account verification purposes.
Once all of the information has been filled out and submitted, the website redirects to the official American Express homepage. This campaign was well thought out and executed. Besides the information presented above, another red flag our security research team noticed was the sender’s address of the email: it has been spoofed to appear to come from a legitimate Amex email address. The originating IP addresses and the language used in the campaign also cast doubt on the legitimacy of this message.
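The red flags listed in this write-up (a spoofed From address, a link to a throw-away domain registered days earlier, and a brand name on an unrelated domain) can be checked mechanically at the mail gateway. The following is an added example, not AppRiver's tooling; the message, the domain names and the registration dates are all constructed, and the WHOIS lookup is replaced by a small dictionary.

```python
import email
import re
from datetime import date
from email.policy import default
from urllib.parse import urlparse

# Constructed sample modelled on the campaign described above; not a real capture.
RAW_MSG = """\
Return-Path: <bounce@throwaway-example.test>
From: American Express <alerts@americanexpress.com>
To: customer@example.net
Subject: One-time password request for a recent transaction
Content-Type: text/plain

We called you to confirm a one-time password for a recent transaction.
If you did not receive a call, verify your account here:
http://amex-verify.throwaway-example.test/login
"""

# Constructed stand-in for a WHOIS or passive-DNS lookup (domain -> creation date).
DOMAIN_CREATED = {"throwaway-example.test": date(2020, 1, 1)}
BRAND_DOMAINS = {"americanexpress.com"}
BRAND_TOKENS = ("amex", "americanexpress")


def registered_domain(host):
    """Crude eTLD+1: enough for the constructed sample (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def phishing_red_flags(raw, today, young_days=30):
    """Return the red flags this report lists, found in one raw RFC 5322 message."""
    today = date.fromisoformat(today)
    msg = email.message_from_string(raw, policy=default)
    flags = []
    from_dom = registered_domain(msg["From"].addresses[0].domain)
    path_dom = registered_domain(str(msg["Return-Path"]).strip("<>").split("@")[-1])
    if from_dom != path_dom:  # display From is spoofed; bounce path shows the real sender
        flags.append(f"from/return-path mismatch: {from_dom} vs {path_dom}")
    for url in re.findall(r"https?://\S+", msg.get_content()):
        host = urlparse(url).hostname or ""
        dom = registered_domain(host)
        if dom in BRAND_DOMAINS:
            continue
        if any(t in host for t in BRAND_TOKENS):  # brand name on an unrelated domain
            flags.append(f"brand lookalike link: {host}")
        created = DOMAIN_CREATED.get(dom)
        if created and (today - created).days <= young_days:  # throw-away domain
            flags.append(f"domain registered {(today - created).days} days ago: {dom}")
    return flags


if __name__ == "__main__":
    for flag in phishing_red_flags(RAW_MSG, "2020-01-08"):
        print("RED FLAG:", flag)
```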