Armorblox security researchers have uncovered a new phishing campaign in which attackers are targeting American Express customers.

According to the researchers, the scammers lure American Express cardholders into opening an attachment and try to steal confidential data to access their accounts.

In this financially motivated campaign, attackers first send a spoofed email impersonating the widely recognized card brand and ask the customers to click on the link included in the email attachment.

Using social engineering and brand impersonation, the attackers lure their targets onto fake and malicious landing pages.

When the victim clicks on this link, they are redirected to a fake American Express landing page. This page is carefully crafted to resemble the original American Express login page, including the company’s genuine logo, navigational links, and a link to download the American Express app.

In reality, scammers are using a customised domain for this attack. Once there, victims are prompted to sign in to verify their accounts. They enter their user ID and password.

The Legit-looking Phishing Email

In this phishing scam, the email is designed to appear as an authentic American Express notification. The email subject, according to Armorblox’s blog post, reads: “Important Notification About Your Account.”

It tells the recipient to verify their account; otherwise, the company will suspend it. The phrase “This is your last chance to confirm it before we suspend it” is included to create a sense of urgency. Victims are requested to complete a one-time verification process to update their credentials and prevent suspension of their accounts.

The email content is carefully written to evoke a sense of trust in the recipient. For instance, it includes the American Express logo on the top left, and a signature is featured at the end to deceive the users into believing that the company’s customer service team sent the email.

Phishing email and the phishing page (Screenshots via Armorblox)

Prime Targets

Armorblox co-founder and CEO DJ Sampath stated that financial firms are more frequently targeted with credential phishing scams. The main targets of this scam are holders of American Express charge cards.

What’s noteworthy is that the phishing scam has bypassed Google Workspace Security successfully, and so far, the email has been sent to around 16,000 email addresses of American Express employees.

How to Identify a Phishing Scam?

Most people are familiar with the term “phishing” but may not know how to identify a phishing scam. Phishing is a type of online fraud that involves tricking someone into giving personal information such as passwords, credit card numbers, or banking information. Scammers do this by sending fake emails or setting up fake websites that look like the real thing.

Here are some tips to help you spot a phishing scam:

  • Be suspicious of any email or website that asks for personal information such as your password, Social Security number, or credit card number. Legitimate companies will never ask for this information via email or an online form.
  • Phishing attempts almost always contain a link, downloadable attachment, or directive telling people to do something ASAP.
  • There are often a lot of spelling mistakes, but not always.
  • The email or message can instill a sense of urgency to get people to act quickly without thinking.
  • It may be a threat or even blackmail, as is the case with sextortion phishing scams.
  • The email signature will usually look strange or different from normal.
  • Phishing emails or messages aren’t always from strangers. Sometimes they’re sent from the compromised accounts of friends, coworkers, or other contacts.
  • Inspect the URL of any website you’re directed to from an email before entering any information on it.
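Several of these checks can be automated for a reported message. The following is an added example, not code from Armorblox or American Express: it flags a brand display name on an off-brand sender, the urgency wording quoted above, and links (in the body or a text attachment) that do not sit under the brand's domain. The allowlist, the pattern list, and the `account-verify.example` sample domains are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "american express"
BRAND_DOMAINS = {"americanexpress.com"}  # assumption: allowlist maintained by the defender
URGENCY = [r"last chance", r"\bsuspen(d|sion)", r"verify your account"]

def under(host, domains):
    """True only for an exact match or a real subdomain, never a substring match."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(msg):
    """Return the list of phishing indicators found in an EmailMessage."""
    name, addr = parseaddr(str(msg.get("From", "")))
    # Collect every text part, attachments included: here the lure link is in the attachment.
    parts = [p.get_content() for p in msg.walk() if p.get_content_maintype() == "text"]
    text = "\n".join([str(msg.get("Subject", ""))] + parts)
    findings = []
    if BRAND in name.lower() and not under(addr.rpartition("@")[2], BRAND_DOMAINS):
        findings.append("display-name-mismatch")
    if any(re.search(p, text, re.I) for p in URGENCY):
        findings.append("urgency-language")
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = urlparse(url).hostname
        if not under(host, BRAND_DOMAINS):
            findings.append(f"off-brand-link:{host}")
    return findings

def sample_message():
    """Constructed sample; the sender and link domains are placeholders, not real IoCs."""
    m = EmailMessage()
    m["From"] = "American Express <notice@account-verify.example>"
    m["Subject"] = "Important Notification About Your Account"
    m.set_content("This is your last chance to confirm it before we suspend it.\n"
                  "Help: https://www.americanexpress.com/\n")
    m.add_attachment('<a href="https://login.account-verify.example/verify">Verify</a>',
                     subtype="html", filename="notice.html")
    return m

if __name__ == "__main__":
    for finding in triage(sample_message()):
        print(finding)
```

The genuine `www.americanexpress.com` link in the sample body is not flagged, while a hostname that merely contains the brand's domain as a prefix would be, because `under` matches on the domain suffix only.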


Posted by Charlie