A phishing attack is currently making rounds. It happens to be an email claiming to be from American Express. The claim it makes is that there is an issue with your credit card’s security. And you know what happens after that?
No, Tell Me, What Happens Next?
As with any clickbait, you feel compelled to click on the HTML link in the email. From that point onward whatever information you have entered into the resulting form will be sent back to the team of scammers counting on it.
This Is Not News
The variants of such an email were already being sent to users since last October, but this time around it’s using the name of American Express. All of them had the same claim; your credit card has security issues and that immediate action is required.
Recipients upon clicking the link are taken to the form, where you are required to input details of your credit card for an apparent security review. Alas! it gets sent back to scammers (as previously stated).
What Bits To Keep An Eye Out For
These emails are usually sent from an “official” American Express ID. See, anyone can get easily tricked when that keyword is in the picture. Email addresses can be the likes of [email protected], [email protected], and [email protected]
So keep an eye out for the above email addresses. Even better are the subjects of these emails, capitalizing on both, the sense of urgency and human emotion. Any layperson after reading, “Notice Concerning your CardMember Account”, “Reminder – We’ve issued a security concern (Action Required)”, and “REMINDER: A concern that requires your action” is bound to fall for it.
What Does It Look Like
Following is a textbook phishing email pattern and how its content looks like.
When you get anything even remotely similar to the template above, it should be enough to serve as a red flag for you.
Below is the form which opens up when you click on the American Express email (HTML link), in question.
The form asks for your card number, security code, date of birth, mother’s maiden name and other information. In turn, sets up new login credentials for the user (yeah, like you are ever returning to the site).
After hitting the submit button, the info gets sent back to a remote host (which is obviously not a legitimate thing but you’ll never know). It then redirects the user to an “authentic” American Express confirmation cum “thank you” page which affirms your conviction in the deed you just performed.
What Can Be Done About This?
For starters, stay vigilant when you are navigating the cybersphere. All it takes is one malicious email that can wreak havoc. Normally, companies as big as American Express and other similar ones will never ask for private and confidential data from its users.
Secondly, it is always advisable to double check the authenticity of that email by confirming over the telephone with the company. Moreover, a decent VPN in place goes a long way.
A VPN tends to mask your online IP address and assigns a different IP making it nearly impossible for the hacker to get hold of your actual location, let alone send you a phishing email.
You can check out Ivacy’s 7-day trial here. Furthermore, you can always opt for an Ivacy subscription by clicking the button below.