Phishing Scam Targets AmEx Customers

E-mails posing as messages from the credit card firm AmEx (American Express) are hitting consumers' mailboxes this month (December 2009), reports HELP NET SECURITY on December 17, 2009.

Beginning with 'Dear Customer' to address the recipient, the unsolicited e-mail states that the technical service section of AmEx has just found that the user's information filed with the company is incomplete. Unmistakably, the e-mail provides a file number for reference.
Subsequently, it (the e-mail) requests that if the user is unable to click the link, then he may copy it into the address bar of his browser. It thanks the recipient for his swift attention to this crucial issue.

The message tries to sound genuine as it states that in case the recipient fails to update his account information within 48-hours, he would have only restricted access to the account.

Finally, the e-mail signs off expressing gratitude on behalf of 'American Express Company, Member FDIC.'

Meanwhile, if anyone follows the link embedded in the e-mail, he would land onto a mimicked AmEx website on which supplying the requested details would help cybercriminals to intercept the same.

This phishing tactic is, reportedly, the most traditional ploy ever recorde; however, it isn't difficult to avoid. Users need to know that financial institutions and banks do not ever ask anyone to review personal information over e-mail or through online forms. So if such e-mails arrive, users should instantly recognize their hidden intention, viz. phishing, for stealing money.

Moreover, the subject lines of the e-mail message include customer notification, American Express Online Form, important instructions, important information, important alert, etc.

According to the security researchers, this type of e-mail scam as well as scams relating to phony delivery notice always become rife during holidays when plenty of buying-and-selling takes place online.

Hence, as best practices, users must find out if a website they decide to access contains the right spellings. They must also check the statements of their credit cards regularly and if they find anything suspicious they must contact their credit card firms. Lastly, they must delete the phishing e-mail after forwarding it to the concerned officials.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 12/26/2009