Security News Amex users hit with phishing email offering anti-phishing protection

frogboy

In memoriam 1961-2018
Thread author
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
American Express users are being actively targeted with phishing emails impersonating the company and advising users to create an “American Express Personal Safe Key” to improve the security of their accounts.

fake-amex-safekey-email.jpg


Users who fall for the scheme are directed to a bogus Amex login page (at http://amexcloudcervice.com/login/). Once they enter their user ID and password, they are taken to a bogus page that ostensibly leads them trough the SafeKey setup process.

The victims are asked to input their Social Security number, date of birth, mother’s maiden name, mother’s date of birth, their email address, the Amex card info and identification number, and the card’s expiration date and 3-digit code on the back of the card.

amex-bogus-setup.jpg


The victims will be taken through the setup process even if they enter incorrect login credentials. And, after they finish entering all the information asked of them, they are redirected to the legitimate Amex website, making them believe they were using it the whole time.

“SafeKey isn’t new, it’s Amex’s name for 3-D Secure technology, which is an XML-based added layer of security for payment cards designed to reduce online fraud. What’s clever about the scam is that it plays upon deep-seated identity theft concerns to actually perpetrate large scale identity theft,” Comodo explained.

“Another notable aspect is the amount of care and design that the hackers employed to make it look, feel and seem as legitimate as possible, starting with logos, fonts and color schemes, and going deep into URL addresses, etc. In this way, the scam is representative of a trend towards increasingly realistic, well-designed, highly sophisticated and deeply-researched schemes that are harder and harder to spot with the naked eye.”

This isn’t the first time that scammers have been sending out similar emails and set up similar sites. Phishing campaigns using the same lure have been spotted in 2014 and earlier this year.

Full Story. https://www.helpnetsecurity.com/2016/09/15/amex-phishing-anti-phishing-protection/
 

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
Sadly, they've not made any glaringly obvious grammar or spelling mistakes so many people will be fooled by it. To me though it still looks unprofessional, especially the formatting and the fact it doesn't tell you who the heck Dave Barry is ;)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top