We are seeing quite a few American Express phishing attempts trying to get your American Express details. These are very well crafted and look identical to genuine American Express emails. The senders appear to be from American Express until you look carefully at the email headers. They are using literally hundreds if not thousands of hijacked websites to perform these attacks.
The site listed in the email is the first step in the chain and you are bounced on to other sites. The coding on the primary hijacked sites suggest that they are under the control of the Blackhole and Angler exploit kit criminals. This means that at any time when they have taken stolen enough identities and money, they will switch to spreading malware via the same network and emails.
Do not click any links in these emails. Hover your mouse over the links and you will see a web address that isn’t American Express. Immediately delete the email and the safest way to make sure that it isn’t a genuine email form American Express is to type the American Express web address in your browser. and then log in to the account that way.
Today’s version is the American Express – Safe Key one with a slight change to previous versions to attempt to make it more believable and attractive for you to click the link & give your details
Email looks like
Dear Customer:We are writing to you because we need to speak with you regarding a security concern on your account. Our records indicate that you recently used your American Express card on August 8, 2021.
For your security, new charges on the accounts listed above may be declined. If applicable, you should advise any Additional Card Member(s) on your account that their new charges may also be declined.
To secure your account , please click log on to : http://americanexpress.com
Your prompt response regarding this matter is appreciated.
American Express Identity Protection Team
Please do not reply to this e-mail. This customer service e-mail was sent to you by American Express. You may receive customer service e-mails even if you have unsubscribed from marketing e-mails from American Express.Contact Customer Service | View our Privacy Statement | Opt OutThis email was sent to email@example.com.American Express Customer Service DepartmentP.O. Box 297817 | Ft. Lauderdale, FL 33329-78172014 American Express Company. All rights reserved.
Following the link in this American Express – Safe Key email or other spoofed emails takes you to a website that looks exactly like the real American Express site. You are then through loads of steps to input a lot of private and personal information. Not only will this information enable them to clear out & use your American Express account, but also your Bank Account, Email details, webspace ( if you have it) They then want enough information to completely impersonate you and your identity not only in cyberspace but in real life.
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected or having your details stolen by this sort of socially engineered malware.
All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email or follow links in them . Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details.
Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE .SCR or .COM then it is a problem and should not be run or opened.