Tuesday, October 15, 2024
Homecyber securityBeware of Phishing Attacks Targeting AmericanExpress Card Users

Beware of Phishing Attacks Targeting AmericanExpress Card Users

Published on

Malware protection

Cybercriminals target American Express cardholders through deceptive emails that mimic official communications from the financial services giant.

The scam attempts to trick users into divulging sensitive personal and financial information.

How the Scam Works

According to a recent tweet from Avast Threat Labs, the phishing attack begins with an email that appears to be from American Express urging recipients to participate in a fake “American Express Personal Safe Key” setup process.

- Advertisement - SIEM as a Service
Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

This process is ironically described as a measure to protect users from phishing attacks.

The email contains a link that directs users to a fraudulent webpage hosted on platforms like Google Forms.

The webpage is designed to harvest a wide range of personal information.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

Victims are asked to enter their social security number, date of birth, mother’s maiden name, email address, and complete details of their American Express card, including the security codes and expiration date.

The design and language of the email and webpage closely mimic legitimate American Express communications, making the scam particularly convincing.

To guard against such attacks, users must verify the authenticity of any communication requesting sensitive information.

Here are some tips to help protect yourself:

  • Verify the sender’s email address: Always double-check the sender’s email address.
  • Look for subtle misspellings or incorrect domains that might indicate a phishing attempt.
  • Look for generic greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your name.
  • Do not click on suspicious links: Avoid clicking on links in unsolicited emails. Instead, visit the website by typing the address directly into your browser.
  • Contact the company directly: If you receive an unexpected request for personal information, contact the company directly using a phone number or email address from their official website.
  • Use security software: Protect your devices with up-to-date antivirus software, which can help detect and block malicious sites and downloads.
  • Educate yourself and others: Stay informed about phishing techniques and share this knowledge with friends and family.
  • Awareness is a powerful tool in combating cyber threats.

American Express advises customers to be vigilant and report suspicious activities immediately.

By staying alert and following these guidelines, cardholders can help protect themselves from falling victim to this and similar phishing scams.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further...

pac4j Java Framework Vulnerable to RCE Attacks

A critical security vulnerability has been discovered in the popular Java framework pac4j. The...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further...