Bogus AmEx notification leads to thorough phishing

American Express-themed phishing emails are never out of circulation, but it pays to know which new (or recycled) angle is being used at the moment.

The latest one to hit inboxes is a bogus “America Express Online Security Service Notification”, which urges users to follow the offered link and verify their access to their online banking account, because “failure to adhere may affect your online banking access in the future.”

The link will take potential victims to a page sporting the AmEx logo and a form into which they are expected to enter their name, date of birth, address, card number, expiration date, PIN and CSC number, their AmEx user ID and password, and their email address and associated password:

All this information is more than enough for the scammers to be able to empty the victims’ bank account, hijack their email account, and impersonate them in other ways.

“American Express would never send an unsolicited email asking customers to click a link to update account details. And, genuine American Express emails will always greet customers by their names. It will never use generic greetings such as ‘Dear Customer’,” points out Hoax-Slayer. “It is always safest to access all of your online accounts by typing the account address into your browser’s address bar rather than by clicking an email link.

Don't miss