Friday, May 24, 2024

Beware of Phishing Attacks Targeting AmericanExpress Card Users

Cybercriminals target American Express cardholders through deceptive emails that mimic official communications from the financial services giant.

The scam attempts to trick users into divulging sensitive personal and financial information.

How the Scam Works

According to a recent tweet from Avast Threat Labs, the phishing attack begins with an email that appears to be from American Express urging recipients to participate in a fake “American Express Personal Safe Key” setup process.


Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

This process is ironically described as a measure to protect users from phishing attacks.

The email contains a link that directs users to a fraudulent webpage hosted on platforms like Google Forms.

The webpage is designed to harvest a wide range of personal information.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

Victims are asked to enter their social security number, date of birth, mother’s maiden name, email address, and complete details of their American Express card, including the security codes and expiration date.

The design and language of the email and webpage closely mimic legitimate American Express communications, making the scam particularly convincing.

To guard against such attacks, users must verify the authenticity of any communication requesting sensitive information.

Here are some tips to help protect yourself:

  • Verify the sender’s email address: Always double-check the sender’s email address.
  • Look for subtle misspellings or incorrect domains that might indicate a phishing attempt.
  • Look for generic greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your name.
  • Do not click on suspicious links: Avoid clicking on links in unsolicited emails. Instead, visit the website by typing the address directly into your browser.
  • Contact the company directly: If you receive an unexpected request for personal information, contact the company directly using a phone number or email address from their official website.
  • Use security software: Protect your devices with up-to-date antivirus software, which can help detect and block malicious sites and downloads.
  • Educate yourself and others: Stay informed about phishing techniques and share this knowledge with friends and family.
  • Awareness is a powerful tool in combating cyber threats.

American Express advises customers to be vigilant and report suspicious activities immediately.

By staying alert and following these guidelines, cardholders can help protect themselves from falling victim to this and similar phishing scams.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide


Latest articles

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing...

Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft

Gift cards are attractive to hackers since they provide quick monetization for stolen data...

Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities

The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining...

NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers

Zero Trust Maturity measures the extent to which an organization has adopted and implemented...

Chinese Hackers Stay Hidden On Military And Government Networks For Six Years

Hackers target military and government networks for varied reasons, primarily related to spying, which...

DNSBomb : A New DoS Attack That Exploits DNS Queries

A new practical and powerful Denial of service attack has been discovered that exploits...

Malicious PyPI & NPM Packages Attacking MacOS Users

Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users.These...
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles