Tuesday , 22 August 2017
Home » SCAM OF THE WEEK » Threat Thursday – American Express Phishing Spam
Threat Thursday – American Express Phishing Spam

Threat Thursday – American Express Phishing Spam

This week’s Threat Thursday is from AppRiver, and focuses on a newly spotted social engineering campaign targeting American Express customers. The email blast seeks to trick users into providing highly sensitive information such as their social security number, credit card information and other personal identifiers. The email informs the recipient that a phone call requesting a one-time password was made to them in regards to a recent transaction. Those who did not receive a phone call are instructed to click on the provided link in the message which directs to an exploited website.

amexphishing

The exploited site is an accurate recreation of American Express’ website. The throw-away domain for this campaign was created one week ago. This of course is a huge red flag. In the screenshots below, the cyber criminals seek to obtain various personal information from American Express customers. It’s highly unusual for a financial institution to ask for this amount of information for account verification purposes.

amexphishing2

amexphishing3

amexphishing4

Once all of the information has been filled out and submitted, the website redirects to the official American Express homepage. This campaign was well thought out and executed. Besides the information presented above, other red flags our security research team noticed were the sender’s address of the email. It’s been spoofed to appear to come from a legitimate Amex email address. The originating IP addresses and language used in the campaign also provided hits to the legitimacy of this message.

 

 

 

 

About Lara Lackie

Lara Lackie is a reporter for The IT Security Guru.
  • mrs omon

    Hi, My name is
    Joel from MD city, USA and i just want to share my
    experience with everyone. I have being hearing about this blank ATM card
    for a while and i never really paid any attention or interest to it
    because of my doubts. Until one day i discovered a hacking called
    Mrs OMON and she work with a hacking group call Cyber-link ATM
    Programmer. she
    is really good at what she is doing. Back to the point, I inquired about
    the Blank ATM Card. If it works or even exist. They told me Yes and
    that
    its a card programmed for random money withdraws without being noticed
    and can also be used for free online purchases of any kind. This was
    shocking and i still had my doubts. Then i gave it a try and asked for
    the card and agreed to their terms and conditions. praying and hoping it
    was not a scam, i got the card within 2 working days after making
    inquiring to get the card, i used the BLANK ATM CARD and it was
    successful, i withdraw nor less than 5,000 dollar each and every day,
    the BLANK ATM CARD worked like a magic and now i am living very
    comfortable and can afford anything i want to buy now, if you want to
    order for the BLANK ATM CARD here is her email address: atmmachine581@gmail.com