Tricksters are targeting users’ sensitive information via American Express spoof emails

A phishing email scam disguising itself as an agent of American Express is focusing on clients’ sensitive data by expressing that there is a security issue with their credit card. The email trick asks clients for their personal information through an attached form and prompts the users to create new login credentials.

Mode Of Operation

These phishing email scams are seen to have subjects, for example, ‘Notice Concerning your CardMember Account’, ‘Reminder – We’ve issued a security concern (Action Required)’, and ‘REMINDER: A concern that requires your action’.

The email content expresses that:

“… at the time of report analysis, we encountered errors, therefore we order you to confirm your on-document records with us through the attached safe fillable web form.”

The attached form to be filled requests details, for example, users’ online account credentials, card number, security code, expiration date, mother’s maiden name, mother’s birth date, birth year, first elementary school name, and security pin. Then it redirects the victims to create new login credentials.

A case of the phishing email seen by Myonlinesecurity can be seen underneath.

“Primary Cardmember Message

We are writing to let you know that there is a recent security report for your American Express Account(s). At the time of report analysis, errors were encountered.

In view of this, We mandate that you confirm your on-file records with us.

You are to

A safe attached fillable Web form is sent with this message.

*See attached form, download and open to continue.

Thank you for your continued card membership,

American Express Customer Service”

When the victims submit the form with their own details, the gathered data is then sent to the tricksters. The clients are then redirected to the real page that states “Thank you for your feedback.”

It is to be noticed that these messages are conveyed from mail domains that depend on the “American Express” keyword, for example, AmExpress@amnex[.]com, AmericanExpress@aemail[.]com, and AmericanExpress@ampress[.]com.

How to remain safe from such scams?

It is imperative for all web clients to know about such phishing tricks and pursue certain standard security practices to secure their online accounts.

It is to be remembered that organizations particularly financial associations don’t ask for personal information through email or on call.

On the off chance that you get any such email that contains links to sites and requests for your personal information, then it may be a scam, thus it is prescribed that you contact the association to confirm the email.

Leave a Reply

Your email address will not be published. Required fields are marked *

Single Column Posts

Single Column Posts Subtitle

South America bucks up in the Crypto and Blockchain field

The Central Bank of Brazil (BCB) has recently announced the launch of its second edition of the Laboratory of Financial...

Blockchain is supposedly Bigger than The Gutenberg Press And The Internet

The CEO of Overstock, Mr. Patrick Byrne has been a well-known and extremely knowledgeable crypto enthusiast, who has well in...

Blockchain ETF Launches on the London Stock Exchange

Investment management firm Invesco has launched a blockchain exchange-traded fund (ETF) on the London Stock Exchange last week. Invesco has...

Paxos is all about to be showered in gold

The blockchain firm, Paxos will be launching its digital token which will be backed by the precious metal, gold. During an...

Regulators Are Calling 2019 the “Year of the Blockchain”

Regulators have eased regulations regarding blockchain technology as most of them feel that it might harm the development of the...