Scammers are targeting users' sensitive information via American Express spoof emails
- Scammers are targeting American Express users’ financial details through spoof emails along with attached phishing form.
- The email scam states that there is a security issue with the credit card and asks for personal information to be submitted through an attached form.
A phishing email scam faking to be from American Express is targeting users’ sensitive information by stating that there is a security issue with their credit card. The email scam asks users their personal information through an attached form and prompts the users to create new login credentials.
These phishing email scams are observed to have subjects such as ‘Notice Concerning your CardMember Account’, ‘Reminder - We've issued a security concern (Action Required)’, and ‘REMINDER: A concern that requires your action’.
The email message states that at the time of report analysis, we encountered errors, therefore we mandate you to confirm your on-file records with us through the attached safe fillable web form.
The attached fillable form asks for details such as users’ online account credentials, card number, security code, expiration date, mother's maiden name, mother's birth date, birth year, first elementary school name, and security pin. It then prompts the victims to create new login credentials.
An example of the phishing email observed by Myonlinesecurity can be seen below.
“Primary Cardmember Message
We are writing to let you know that there is a recent security report for your American Express Account(s). At the time of report analysis, errors were encountered.
In view of this, We mandate that you confirm your on-file records with us.
You are to
A safe attaced fillable Web form is sent with this message.
*See attached form, download and open to continue.
Thank you for your continued card membership,
American Express Customer Service”
Once the victims submit the form with their personal details, the collected information is then sent to the scammers. The users are then redirected to the legitimate americanexpress.com page that states "Thank you for your feedback."
It is to be noted that these emails are sent out from mail domains that are based on the "American Express" keyword such as AmExpress@amnex[.]com, AmericanExpress@aemail[.]com, and AmericanExpress@ampress[.]com.
How to stay safe from such scams?
It is important for all internet users to be aware of such phishing scams and follow certain standard security practices to protect their online accounts.
- It is to be remembered that companies especially financial organizations do not request personal information through email or on call.
- In case if you receive any such email that contains links to sites and asks for your personal information, then it might be a scam, therefore it is recommended that you contact the organization to confirm the email.