Users of American Express Targeted in Phishing Scam
Security experts have recently warned "fraudulent emails with links to websites for credential-harvesting have been identified lately which are targeting customers of American Express payment card."
The authors of the email have used some branding of American Express but overall look of the email is quite messy. The subject line of the email reads: "Unusual activity in your American Express card." The sender seems to be "American Express" with the subject line of the email is also used as a heading in the content of the email. It is addressed as "Dear Customer" with two links to the same website enclosed in the email.
The purpose of the email is to caution the recipient about probability of fraudulent use of their American Express card. The email specifies the date and time of this so-called illegal usage of card. The time specified varies in every email.
The recipient of the email is advised to either see the activity of the account via a button with the text "VIEW ACCOUNT ACTIVITY" or to click on the second link. The second link uses the anchor text "americanexpress" which is an attempt to add authenticity to the email. The email's last line informs the recipient that "your prompt response regarding this matter is appreciated."
But this email is certainly not from American Express because it is a widespread phishing email scam.
Security pundits point out that if you click on the link, it will take you to a fake American Express website.
Experts note that users should be aware of the fact that banks would never ask for sensitive data through email with online form if any suspicious activity is detected in their bank accounts.
Actually, a simple fact that the customer is not addressed by name, which the banks have, should ring the alarm bells.
Moreover, the kind of details requested by these so-called account verification activities should raise doubts and make anyone think twice before disclosing details.
Expert's advice that the card number, CVV (card verification code) and expiry date of the card are enough to make purchases online and therefore a form asking for this data should never be trusted and users must ignore this immediately.