Miles and points aficionados love getting the latest and the best sign-up bonuses to kickstart our travel plans. When we apply for a credit card, we give up a lot of personal information. We enter vital information right from our income, social security number and address. Banks have made credit card applications available online in order to simplify the credit card application process. However, we still face security risks. A phishing attack was recently targeted at American Express customers.
For those who may be unfamiliar, TechTarget defines phishing as follows:
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.
Most Recent Attack
The most recent phishing attack targeted both consumer and corporate cardholders. Not surprisingly, the email is poorly worded and contains grammatical errors.
Like most phishing scams, this email looks to also create a sense of urgency. The customer here is made to click on the link which ends up being the initial trap for the phishing scam. The attacker then urges the victim to click on this link in order to set things right:
Fake American Express Page
Once the victim clicks on the link, he’s taken to the fake Amex page set up by the attacker. This page is nothing but a copy of the original amex page.
Thankfully, Microsoft’s Office 365 Advanced Threat Protection detected this scam in an email on a computer that received it.
What you need to do
You can head to this page and submit an email to email@example.com. American Express advises that you not click on links in emails you find suspicious and delete them immediately from your inbox.
The Pundit’s Mantra
Cofense hasn’t yet published any data about how many customers were affected before the email was detected. However, it’s up to us as customers to remain vigilant.
If your financial institution sends you an email, then please review it carefully. Secondly, look out for grammatical errors or garbled images. These are usually clear signs of something being amiss. Also, check your bank and credit card accounts frequently in order to monitor activity. Set alerts on your mobile phone and email in order to track your transactions.