We are seeing a mass run of phishing emails spoofing American Express, saying "Please create your Personal Security Key". Three sites have been discovered so far that attempt to perform this phishing attack:

  • http://americanexpressnew2016.com/login
  • http://americanexpressglobal.com/login
  • http://axpoglobalverify.com/login

 

Currently all 3 sites fail to resolve from a UK IP address. They were all registered yesterday, 8 March 2021, via Todaynic.com using Chinese details, which I assume are false. The name servers associated with the domains are DNS1.NEWSITEDNS2.RU and DNS2.NEWSITEDNS2.RU.

Edit: after a bit of digging around, it appears that NEWSITEDNS2.RU has previously been used for Amex and other bank phishing attacks. It is suggested that you block their IP addresses to prevent further and future problems:

  • 155.94.169.106 VirusTotal
  • 104.168.62.233 VirusTotal
  • 50.2.26.16 VirusTotal
  • 148.163.173.227
  • 192.210.203.49
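An added example (not part of the original post) of how the indicators above can be checked against URLs pulled from mail or proxy logs. The function name, the `brand-lookalike` heuristic and the sample observations are assumptions made for illustration; the name servers and IPs passed in are whatever your own resolver logged for the host.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators copied from this post.
PHISH_DOMAINS = ("americanexpressnew2016.com", "americanexpressglobal.com",
                 "axpoglobalverify.com")
BAD_NS_ZONE = "newsitedns2.ru"
BAD_IPS = {ipaddress.ip_address(a) for a in (
    "155.94.169.106", "104.168.62.233", "50.2.26.16",
    "148.163.173.227", "192.210.203.49")}
LEGIT_ZONE = "americanexpress.com"   # the real domain named in the email
BRAND = "americanexpress"


def in_zone(host, zone):
    """True if host is the zone itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == zone or host.endswith("." + zone)


def check(url, name_servers=(), addresses=()):
    """Return the reasons a logged URL matches the post's indicators.

    name_servers / addresses: NS names and IPs your resolver recorded
    for the host (assumed to be collected elsewhere, so this runs offline).
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reasons = []
    if any(in_zone(host, d) for d in PHISH_DOMAINS):
        reasons.append("listed-domain")
    # Heuristic (assumption): brand string in a host outside the real zone.
    if BRAND in host and not in_zone(host, LEGIT_ZONE):
        reasons.append("brand-lookalike")
    if any(in_zone(ns, BAD_NS_ZONE) for ns in name_servers):
        reasons.append("listed-nameserver")
    if any(ipaddress.ip_address(a) in BAD_IPS for a in addresses):
        reasons.append("listed-ip")
    return reasons


# Constructed observations: (url, NS names seen, IPs seen).
SAMPLES = [
    ("http://americanexpressnew2016.com/login", ["DNS1.NEWSITEDNS2.RU."], ["155.94.169.106"]),
    ("https://www.americanexpress.com/", ["ns1.example.net"], ["192.0.2.10"]),
    ("http://login.verify.example/psk", ["dns2.newsitedns2.ru"], ["198.51.100.7"]),
    ("http://americanexpress.com.secure.example/login", [], []),
]

if __name__ == "__main__":
    for url, ns, ips in SAMPLES:
        print(url, check(url, ns, ips) or "clean")
```

Matching on the name-server zone catches domains registered later on the same infrastructure, which a list of the three known hostnames would miss.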

 

Either the DNS has not propagated yet worldwide or the DNS service has pulled the domains. My gut feeling is that the bots have sent the emails too early, before the sites were live. The date & time on the emails say Wed 30/09/2021 13:32. I received about 50 copies of these between 03.20 and 03.30 UTC.

Be aware and watch out for when these do go live, probably later today.

Email looks like:

From: American Express Customer Service <[email protected]>

Date: Wed 30/09/2021 13:32

Subject: Account Alert: Personal Safe Key (PSK)

Body Content:

 

American Express Personal Safe Key (PSK)

Please create your Personal Security Key. Personal Safe Key (PSK) is one of several authentication measures we utilize to ensure we are conducting business with you, and only you, when you contact us for assistance.

American Express uses 128-bit Secure Sockets Layer (SSL) technology. This means that when you are on our secured website the data transferred between American Express and you is encrypted and cannot be viewed by any other party. The security of your personal information is of the utmost importance to American Express, please access

https://americanexpress.com to create your PSK (Personal Safe Key).

Note: You will be redirected to a secure encrypted website.

The contained message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. Sincerely, American Express Customer Service.

 

Kind regards, Dave Barry