Beware of Phishing Attacks Targeting AmericanExpress Card Users

Cybercriminals target American Express cardholders through deceptive emails that mimic official communications from the financial services giant.

The scam attempts to trick users into divulging sensitive personal and financial information.

How the Scam Works

According to a recent tweet from Avast Threat Labs, the phishing attack begins with an email that appears to be from American Express urging recipients to participate in a fake “American Express Personal Safe Key” setup process.

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

• Real-time Detection
• Interactive Malware Analysis
• Easy to Learn by New Security Team members
• Get detailed reports with maximum data
• Set Up Virtual Machine in Linux & all Windows OS Versions
• Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

Try ANY.RUN for FREE

This process is ironically described as a measure to protect users from phishing attacks.

The email contains a link that directs users to a fraudulent webpage hosted on platforms like Google Forms.

The webpage is designed to harvest a wide range of personal information.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

Victims are asked to enter their social security number, date of birth, mother’s maiden name, email address, and complete details of their American Express card, including the security codes and expiration date.

The design and language of the email and webpage closely mimic legitimate American Express communications, making the scam particularly convincing.

To guard against such attacks, users must verify the authenticity of any communication requesting sensitive information.

Here are some tips to help protect yourself:

• Verify the sender’s email address: Always double-check the sender’s email address.
• Look for subtle misspellings or incorrect domains that might indicate a phishing attempt.
• Look for generic greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your name.
• Do not click on suspicious links: Avoid clicking on links in unsolicited emails. Instead, visit the website by typing the address directly into your browser.
• Contact the company directly: If you receive an unexpected request for personal information, contact the company directly using a phone number or email address from their official website.
• Use security software: Protect your devices with up-to-date antivirus software, which can help detect and block malicious sites and downloads.
• Educate yourself and others: Stay informed about phishing techniques and share this knowledge with friends and family.
• Awareness is a powerful tool in combating cyber threats.

American Express advises customers to be vigilant and report suspicious activities immediately.

By staying alert and following these guidelines, cardholders can help protect themselves from falling victim to this and similar phishing scams.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide