We are seeing quite a few American Express phishing attempts trying to get your American Express details. These are very well crafted and look identical to genuine American Express emails. The senders appear to be from American Express until you look carefully at the email headers. Do not click any links in these emails. Hover your mouse over the links and you will see a web address that isn’t American Express. Immediately delete the email and the safest way to make sure that it isn’t a genuine email from American Express is to type the American Express web address in your browser. and then log in to the account that way.
Today’s version is the American Express – Security concern on Data breach at Home Depot which is a change to previous versions to attempt to make it more believable and attractive for you to click the link & give your details. They are using the recent Home Depot hack and consequent fraudulent transactions that are being taken from many victims accounts to scare you into ignoring the usual precautions and get you to give them your details
Email looks like
|Dear Customer:We are writing to you because we need to speak with you regarding a security concern on your account. The Home Depot recently reported that there was unauthorized access to payment data systems at its U.S. stores. American Express has put fraud controls in place and we continue to closely monitor the situation. Our records indicate that you recently used your American Express card on September 19, 2014.
We actively monitor accounts for fraud, and if we see unusual activity which may be fraud, our standard practice is to immediately contact our Card Members. There is no need to call us unless you see suspicious activity on your account.
To ensure the safety of your account , please log on to : http://americanexpress.com
Your prompt response regarding this matter is appreciated.
American Express Identity Protection Team
|Please do not reply to this e-mail. This customer service e-mail was sent to you by American Express. You may receive customer service e-mails even if you have unsubscribed from marketing e-mails from American Express.Contact Customer Service | View our Privacy Statement | Opt OutThis email was sent to [redacted]@thespykiller.co.uk.American Express Customer Service DepartmentP.O. Box 297817 | Ft. Lauderdale, FL 33329-7817
2014 American Express Company. All rights reserved.
Following the link in this American Express – Security concern on Data breach at Home Depot or other spoofed emails takes you to a website that looks exactly like the real American Express site. You are then through loads of steps to input a lot of private and personal information. Not only will this information enable them to clear out & use your American Express account, but also your Bank Account, Email details, webspace ( if you have it) They then want enough information to completely impersonate you and your identity not only in cyberspace but in real life.
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected or having your details stolen by this sort of socially engineered malware.
All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email or follow links in them . Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details. Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE .SCR or .COM then it is a problem and should not be run or opened.