Miles and points aficionados love getting the latest and best sign-up bonuses to kickstart their travel plans. When we apply for a credit card, we give up a lot of personal information, including our income, Social Security number and address. Banks have made credit card applications available online in order to simplify the application process. However, we still face security risks. A recent phishing attack targeted American Express customers.
Phishing
For those who may be unfamiliar, TechTarget defines phishing as follows:
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.
Most Recent Attack
The most recent phishing attack targeted both consumer and corporate cardholders. Not surprisingly, the email is poorly worded and contains grammatical errors.
Like most phishing scams, this email also tries to create a sense of urgency. The attacker urges the victim to click on a link in order to set things right, and that click is the initial trap of the scam:
h**ps://www.americanexpress[.]com/cardmembersvcs/app/signin/Update/Verification
Fake American Express Page
Once the victim clicks on the link, he’s taken to the fake Amex page set up by the attacker. This page is nothing but a copy of the original Amex page.
Scam Detection
Thankfully, Microsoft’s Office 365 Advanced Threat Protection detected this scam in an email on a computer that received it.
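One check a mail filter can run against a lure like the one above is to compare the address a link shows with the address it opens. The sketch below is an added example, not Microsoft's or Cofense's detection logic; it assumes the email's link text displayed the Amex URL while its underlying href pointed elsewhere, and the `TRUSTED` set and the `.example` host in the sample are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"americanexpress.com"}  # domains the brand really uses (assumption)
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample body; the .example hosts are placeholders, not real indicators.
SAMPLE = """
<p>We noticed a problem with your account. Verify now:</p>
<a href="https://www.americanexpress.com.account-verify.example/signin">
https://www.americanexpress.com/cardmembersvcs/app/signin/Update/Verification</a>
<a href="https://www.americanexpress.com/help">americanexpress.com/help</a>
<a href="https://newsletter.example/unsubscribe">Unsubscribe</a>
"""

def registrable(host):
    """Last two labels only; a production filter would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html_body):
    """Links whose text names a trusted domain while the href leads somewhere else."""
    collector = LinkCollector()
    collector.feed(html_body)
    hits = []
    for href, text in collector.links:
        shown = HOST_IN_TEXT.search(text)
        url = urlsplit(href)
        if not shown or registrable(shown.group(1)) not in TRUSTED:
            continue  # the visible text makes no claim to be the brand's site
        if url.scheme in ("http", "https") and registrable(url.hostname or "") not in TRUSTED:
            hits.append((text, href))
    return hits
```

Calling `mismatched_links(SAMPLE)` flags only the first link: its text shows the Amex sign-in URL, but the host it opens merely begins with `www.americanexpress.com` and actually belongs to a different domain.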
What you need to do
You can head to this page and submit an email to spoof@americanexpress.com. American Express advises that you not click on links in emails you find suspicious and delete them immediately from your inbox.
The Pundit’s Mantra
Cofense hasn’t yet published any data about how many customers were affected before the email was detected. However, it’s up to us as customers to remain vigilant.
If your financial institution sends you an email, review it carefully. Look out for grammatical errors or garbled images, which are usually clear signs of something being amiss. Also, check your bank and credit card accounts frequently in order to monitor activity, and set alerts on your mobile phone and email in order to track your transactions.
H/T: Cofense.com
As long as people continue to behave like greedy idiots, the bad guys will continue to proliferate. Use your heads, people! Nobody is “making” you click on anything. Is a few thousand points/miles worth exposing yourself as stupid?
A lot of these scams are just a numbers game. Scammers send these links out to thousands of people and then hope that even if less than 1% fall for it, their job is done. There’s another similar scam that’s always doing the rounds. https://blog.malwarebytes.com/cybercrime/2019/02/sextortion-bitcoin-scam-makes-unwelcome-return/
Always read these emails CAREFULLY. This one has at least three typos I noted in just a cursory reading. If you see ANY, the email is likely to be a phishing attempt.
Grammatical errors are telltale signs of an email being a scam. However, scammers count on a few people not being attentive. That always works in their favor.