Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Be careful from fake American Express emails having attached Phishing Form


A new phishing campaign is going on where emails pretending to be from the American Express, states that your credit card has a security issue. The email then prompts the recipient to open a HTML attachment, which is actually a phishing form and will send inputted information to the scammers.


BleepingComputer first came to know regarding this phishing scam (i.e. fake American Express emails having attached phishing form) from myonlinesecurity.co.uk. However, BleepingComputer have seen many variants being sent after October 2018 when researched further. All these variants use the same theme that suggest there is a security review of the recipient's credit card, which found issues thus requiring the recipient to send his/her information asked in the attached form and also create a new account online.


All these emails were sent from mail domains which are based on "American Express" keyword like AmericanExpress@ampress.com, AmericanExpress@aemail.com, and AmExpress@amnex.com. The subjects of these emails are like "REMINDER: A concern that requires your action", "Notice Concerning your CardMember Account", and "Reminder - We've issued a security concern (Action Required)".


The phishing email has an HTML attachment having a name like 0,,1_09030-AENA2018_1228,01.htm. Then, a script got opened from a remote site by these html attachments. The remote JavaScript is obfuscated, however when deobfuscated then it just writes HTML to document so as to render the form.


This form then asks the recipient to enter their security pin, their online account credentials, their card number, expiration date, security code, mother's birth date, mother's maiden name, first elementary school name, birth year, and then finally prompts the recipient to create new login credentials. Now, once the user submits that form, the entered information goes to a remote host (i.e. the scammers).


Once remote host receives all these data, it then redirects the recipient to a genuine americanexpress.com page which states "Thank you for your feedback" to adds legitimacy to the form submission.


It is necessary to keep in mind that companies, especially the financial organizations, never request this kind of information by using an attached form. Moreover, when you receive any email containing links to sites asking for personal information, then it is strongly recommended that you must contact the organization directly by phone so as to confirm the received email.


» SPAMfighter News - 1/11/2019

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page