Monday, February 17, 2025
Homecyber securityBeware of Phishing Attacks Targeting AmericanExpress Card Users

Beware of Phishing Attacks Targeting AmericanExpress Card Users

Published on

SIEM as a Service

Follow Us on Google News

Cybercriminals target American Express cardholders through deceptive emails that mimic official communications from the financial services giant.

The scam attempts to trick users into divulging sensitive personal and financial information.

How the Scam Works

According to a recent tweet from Avast Threat Labs, the phishing attack begins with an email that appears to be from American Express urging recipients to participate in a fake “American Express Personal Safe Key” setup process.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

This process is ironically described as a measure to protect users from phishing attacks.

The email contains a link that directs users to a fraudulent webpage hosted on platforms like Google Forms.

The webpage is designed to harvest a wide range of personal information.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

Victims are asked to enter their social security number, date of birth, mother’s maiden name, email address, and complete details of their American Express card, including the security codes and expiration date.

The design and language of the email and webpage closely mimic legitimate American Express communications, making the scam particularly convincing.

To guard against such attacks, users must verify the authenticity of any communication requesting sensitive information.

Here are some tips to help protect yourself:

  • Verify the sender’s email address: Always double-check the sender’s email address.
  • Look for subtle misspellings or incorrect domains that might indicate a phishing attempt.
  • Look for generic greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your name.
  • Do not click on suspicious links: Avoid clicking on links in unsolicited emails. Instead, visit the website by typing the address directly into your browser.
  • Contact the company directly: If you receive an unexpected request for personal information, contact the company directly using a phone number or email address from their official website.
  • Use security software: Protect your devices with up-to-date antivirus software, which can help detect and block malicious sites and downloads.
  • Educate yourself and others: Stay informed about phishing techniques and share this knowledge with friends and family.
  • Awareness is a powerful tool in combating cyber threats.

American Express advises customers to be vigilant and report suspicious activities immediately.

By staying alert and following these guidelines, cardholders can help protect themselves from falling victim to this and similar phishing scams.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable...

Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered,...

New XCSSET Malware Targets macOS Users Through Infected Xcode Projects

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking...

Beware! Fake Outlook Support Calls Leading to Ransomware Attacks

Telekom Security has recently uncovered a significant vishing (voice phishing) campaign targeting individuals and...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable...

Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered,...

New XCSSET Malware Targets macOS Users Through Infected Xcode Projects

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking...