American Express-themed phishing scam emails are hitting inboxes once again, according to Help Net Security news website.
The bogus email entitled “American Express Online Security Service Notification” is sent from an unnamed “legal advisor” and contains a link for the recipients to follow. The link is supposed to verify the access to their personal bank account because “failure to adhere may affect your online banking access in the future.”
Eventually, the link will take users to a page that is very similar to the American Express website and even uses their logo. The page contains a form, where users are expected to enter their personal information, including name, date of birth, address, card number, expiration date, PIN, CSC number, American Express user ID and password.
Once the recipients have filled in and submitted the form, they are redirected to the real website of American Express, while in the meantime cybercriminals can use the submitted information to commit identity theft and credit card fraud. The information is enough for phishing scammers to empty the user’s bank account, hijack their email and potentially impersonate them in many other ways.
American Express will never send emails asking users to follow links to update personal details, according to security news website Hoax-Slayer. And what’s more, the company’s genuine emails will never use common greetings like “Dear Customer”, but would rather use the customer’s name, the website points out and adds that it is always safer for users to access their online account by typing the address into the address bar of the browser instead of clicking links from emails.