Beware of Phishing Attacks Targeting AmericanExpress Card Users

Cybercriminals target American Express cardholders through deceptive emails that mimic official communications from the financial services giant.

The scam attempts to trick users into divulging sensitive personal and financial information.

How the Scam Works

According to a recent tweet from Avast Threat Labs, the phishing attack begins with an email that appears to be from American Express urging recipients to participate in a fake “American Express Personal Safe Key” setup process.

⚠️ Beware! A new #phishing campaign is circulating via PDF attachments in emails, posing as @AmericanExpress. The link in the PDF is redirecting through Twitter's unsafe links. Stay vigilant and double-check before clicking any suspicious links! pic.twitter.com/QpUpz9gRpv
— Avast Threat Labs (@AvastThreatLabs) May 6, 2024

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

Real-time Detection
Interactive Malware Analysis
Easy to Learn by New Security Team members
Get detailed reports with maximum data
Set Up Virtual Machine in Linux & all Windows OS Versions
Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

This process is ironically described as a measure to protect users from phishing attacks.

The email contains a link that directs users to a fraudulent webpage hosted on platforms like Google Forms.

The webpage is designed to harvest a wide range of personal information.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

Victims are asked to enter their social security number, date of birth, mother’s maiden name, email address, and complete details of their American Express card, including the security codes and expiration date.

The design and language of the email and webpage closely mimic legitimate American Express communications, making the scam particularly convincing.

To guard against such attacks, users must verify the authenticity of any communication requesting sensitive information.

Here are some tips to help protect yourself:

Verify the sender’s email address: Always double-check the sender’s email address.
Look for subtle misspellings or incorrect domains that might indicate a phishing attempt.
Look for generic greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your name.
Do not click on suspicious links: Avoid clicking on links in unsolicited emails. Instead, visit the website by typing the address directly into your browser.
Contact the company directly: If you receive an unexpected request for personal information, contact the company directly using a phone number or email address from their official website.
Use security software: Protect your devices with up-to-date antivirus software, which can help detect and block malicious sites and downloads.
Educate yourself and others: Stay informed about phishing techniques and share this knowledge with friends and family.
Awareness is a powerful tool in combating cyber threats.

American Express advises customers to be vigilant and report suspicious activities immediately.

By staying alert and following these guidelines, cardholders can help protect themselves from falling victim to this and similar phishing scams.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide